The rutx09's and rutx50's seem to have the same issue with regards to IPSEC VPN tunnels. Sometimes (not always) the rutx fails to setup all child SA's. A restart of the ipsec services fixes this. I found a similar case in the forums, but the given fix "Compatibility mode=on" did not fix it. Remote endpoint is a Fortigate firewall.
See cli output:
root@W01-RTR01:~# ipsec status
Security Associations (1 up, 0 connecting):
CustX-CustX_c[2]: ESTABLISHED 11 minutes ago, 10.178.237.3[W01-RTR01]...1.2.3.4[WHZ-FW02]
CustX-CustX_c_1{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c45cd9d0_i ff6a7896_o
CustX-CustX_c_1{1}: 10.100.1.254/32 === 10.20.0.0/16
root@W01-RTR01:~# ipsec restart
Stopping strongSwan IPsec...
Starting strongSwan 5.9.2 IPsec [starter]...
root@W01-RTR01:~# ipsec status
Security Associations (1 up, 0 connecting):
CustX-CustX_c[1]: ESTABLISHED 3 seconds ago, 10.178.237.3[W01-RTR01]...1.2.3.4[WHZ-FW02]
CustX-CustX_c{1}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: c0aa5aa1_i ff6a78a2_o
CustX-CustX_c{1}: 10.100.1.254/32 === 192.168.222.0/24
CustX-CustX_c_1{2}: INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: c97ee7fe_i ff6a78a3_o
CustX-CustX_c_1{2}: 10.100.1.254/32 === 10.20.0.0/16
root@W01-RTR01:~#
I've attached the troubleshoot file.