Experiencing a perceived outage with Cloud WSG (formerly known as WSS) service.
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=......
See Cisco documentation:
SA's are out of sync between devices. Encrypted traffic with SA's that its peer does not know about. Those packets are then dropped by the peer.
To verify this information a pcap will need to be done from the Symantec/Broadcom concentrator. A case will need to be opened and escalated to NOC or Backline for support to do so.
At the exact same time a PCAP will need to be run on the customers end while the issue is occuring.