On my remote end I have a ASA 5505 initiating an IPSEC site to site tunnel to my head end (5540). We have multiple sites connecting to this 5540 with the same exact config at each remote end.
What's different with this particular remote site is the Internet service: it's an ethernet hand-off from a 29xx LRE switch which I have no control over.
Every once in awhile the handoff to me flaps (the iface goes down hard and then 5-10 seconds later comes back up-up).
When this happens, the head end breaks the tunnel as it should, but the remote end does not. I've tried changing the arp cache timeout on the ASA to 60 seconds, adding "isakmp keepalive 10", but to no avail... when the iface flops, the tunnel doesn't break and re-negotiate.
Any suggestions on what I can do?