Turns out the issue was caused by the Rancher/Agent.
Ranger/Agent was install specifying the IP address of the host as the Cattle_Agent_IP to ensure the server used the correct IP address, but it appears to have gone sideways after some containers were installed.
Redeployed Rancher/Agent on the host, specifying the Host IP as the Cattle_Agent_IP and the ipsec for this host started working.
credit:http://forums.rancher.com/t/node-disconected-ipsec-problem/9740