We have an L2L VPN tunnel set up between two 5510s that are both running 7.2.4 code. Each side has two subnets (one for data and the other for voice). The tunnel is set up to allow all subnets to talk to each other. Periodically (every 45 min to 1 hour) two of the IPsec SAs drop out from the ASA at site A but do not drop out of the ASA at site B.
Data subnet at site A is 192.168.1.0/24 and voice subnet at site A is 10.0.1.0/24.
Data subnet at site B is 192.168.2.0/24 and voice subnet at site B is 10.0.2.0/24.
When the IPsec SAs drop out, 192.168.1.0 can still send traffic to 192.168.2.0 and vice versa.
10.0.1.0 can still send traffic to 10.0.2.0 and vice versa.
However, traffic ceases between 192.168.1.0 and 10.0.2.0. Traffic also ceases between 10.0.1.0 and 192.168.2.0.
This wouldn't be an issue except the Unity server sits on the data subnet at site A, and whenever this occurs phones at site B cannot reach voicemail. No matter how many times the phones at site B call voicemail, the IPsec SA doesn't reform to allow the traffic. However, if we issue a ping from a device on the site A data network to the voice network at site B, the IPsec SA reforms on the site A ASA and then the phones at site B can call voicemail.
Currently we have a continuous ping set up from a PC on the data VLAN at site A to the voice gateway on the voice subnet at site B. This appears to keep the tunnel up between the two subnets permanently, as there is always interesting traffic.
Does anyone have an idea why this occurs or, if not, what we can do to keep the IPsec SAs from dropping out without a continuous ping running?