I wonder if anyone can help or has ideas on this:
We have a problem with a site-to-site VPN between a WatchGuard firewall and an ASA 5510, running 7.0(7).
The VPN works fine but 'breaks/drops' connections at about 75% of the IKE lifetime, which is pretty annoying as it's a high-use VPN.
This is apparently caused by the ASA initiating a rekey - but I need to definitely confirm this.
The strange thing is that the VPN was working fine with a PIX Firewall running 6.3(1). I literally copied and pasted the config when migrating between the platforms.
Does anyone have any ideas why the problem might be happening, or what debugs to look out for?
I think I've managed to rule out things like DPD (Dead Peer Detection) and keepalives since the VPN is in constant use.
The 75% is pretty constant as well - I've increased the IKE lifetime to 86400 (24 hrs) to mitigate the problem, causing a drop every 18 hrs (75%).
Next step is to interpret the debugs and try to recreate - pretty hard without another WatchGuard!
We have other customer VPNs on the same box, which seem unaffected - they can stay up for days with much smaller volumes of traffic.
Any help is appreciated.