We have 9 small sites connected using Pix 501s to a central location over the Internet. All of these sites are running VPN tunnels (IPSec esp-3Des esp-md5-hmac) and using IKE 3Des, MD5, DH group 2 with preshared keys. The central location is a VPN 3030 concentrator. All of the sites except 1 seem to be fine but one of them goes down (i.e. the tunnel is dropped but the remote pix stays up). This happens frequently, between an hour and a day and no traffic will bring the tunnel back up again. I can log onto the remote pix remotely using SSH to the outside interface and issue the command 'show crypto isakmp sa' and there is an IKE association that looks fine (QM_IDLE) but there is nothing on the concentrator. If I issue the command 'clear crypto isakmp sa' on the remote pix the tunnel comes back up. Then an hour or two later it will go down again.
Does anyone have a clue what might be causing this? We've tried reboots of the remote pix and it makes no difference. Could there be a problem with that device? It is running version 6.3(5) as are the others. How could I go about trying to find out the cause? Thanks.