We have several site-to-site IPSec VPNs set up.
All are running on ASAs 8.2(1).
All have a Security Association Lifetime (Time) of 8 hours.
All have a Security Association Lifetime (Traffic Volume) of 4608000 KiloBytes.
We have an issue when we do Oracle logshipping between the sites.
This triggers the Traffic Volume rekey, as can be seen by this entry in the logs:
%ASA-7-702307: IPSEC: An inbound L2L SA (SPI= 0x169FA1C1) between <Site A IP> and <Site B IP> (user= <Site B IP>) is rekeying due to data rollover.
However it does not appear as if the renegotiation is occurring properly. Within 10 to 15 minutes data stops being transmitted along the link, even though the IPSec tunnel still appears up in the ASDM GUI.
The 'fix' that we are using for this is to log in to the ASDM GUI and bounce the link by going to Monitoring => VPN => VPN Statistics => Sessions => IPSec Site-to-Site. Then select the appropriate VPN tunnel and click on 'Logout'. This forces a link renegotiation which works fine.
I have attached a logfile from the local ASA (there's nothing in the logfile of the remote ASA until we bounce the VPN tunnel).
Any help would be appreciated.
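
An added example, not part of the original post: a small Python parser for the 702307 message quoted above that groups data-rollover rekeys per tunnel and direction and estimates how fast the 4608000 KB volume lifetime is being consumed. The timestamp and hostname prefix, the sample lines and the documentation-range IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

VOLUME_LIFETIME_KB = 4608000  # traffic-volume SA lifetime stated in the post

# Body follows the 702307 line quoted in the post; the leading
# "YYYY-MM-DD HH:MM:SS host" prefix is an assumed syslog layout.
REKEY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*?"
    r"%ASA-7-702307: IPSEC: An (?P<dir>inbound|outbound) L2L SA "
    r"\(SPI= ?(?P<spi>0x[0-9A-Fa-f]+)\) between (?P<local>\S+) and (?P<remote>\S+) "
    r".*is rekeying due to data rollover"
)

# Constructed sample log (not taken from the post's attachment).
SAMPLE_LOG = [
    "2010-03-01 02:00:00 asa-a %ASA-7-702307: IPSEC: An inbound L2L SA (SPI= 0x169FA1C1) "
    "between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) is rekeying due to data rollover.",
    "2010-03-01 02:10:00 asa-a unrelated line that the parser must skip",
    "2010-03-01 02:40:00 asa-a %ASA-7-702307: IPSEC: An inbound L2L SA (SPI= 0x2B7C00D4) "
    "between 192.0.2.1 and 198.51.100.1 (user= 198.51.100.1) is rekeying due to data rollover.",
]

def parse_rekeys(lines):
    """Return one dict per data-rollover rekey event found in the lines."""
    events = []
    for line in lines:
        m = REKEY_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
            events.append(ev)
    return events

def rollover_intervals(lines):
    """Map (local, remote, direction) -> [(seconds between rekeys, approx KB/s)]."""
    by_tunnel = defaultdict(list)
    for ev in parse_rekeys(lines):
        by_tunnel[(ev["local"], ev["remote"], ev["dir"])].append(ev["ts"])
    report = {}
    for key, stamps in by_tunnel.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Upper estimate: assumes a full volume lifetime was used per interval.
        report[key] = [(g, VOLUME_LIFETIME_KB / g) for g in gaps if g > 0]
    return report

if __name__ == "__main__":
    for tunnel, rows in rollover_intervals(SAMPLE_LOG).items():
        print(tunnel, rows)
```

Run against the real syslog export, the intervals show how often each tunnel reaches the volume rekey, which can be lined up against the times traffic stopped passing.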