If your only complaint is that of the invalid SPI, then I would not worry too much. The newly created IKE SA is set without the IKEv2 authentication exchange.
Refreshing Windows Azure VPN tunnel. The Azure gateway and your VPN device need to negotiate a series of security. clear crypto isakmp sa clear crypto.
Go to Monitoring, then select VPN from the list of Interfaces. Anyway, I would not be worried too much as long as the tunnel is up when you need it. What if you built this as a route-based VPN, would the SPI error still be present?
If you can keep it running until the next outage, that might report some error that helps to troubleshoot the issue. I have been looking a lot but no solution so far. Any suggestion would be great. I'm using a FortiGate 100D at my site; the client site is a PA 500.