I have a VPN tunnel from an ASA 5500 running 8.0.4 to a Nortel Contivity device. Periodically the tunnel will just stop passing traffic (do not see encap or decap numbers increasing) but the tunnel will still be up. After a clear crypto ipsec on the peer the tunnel will reestablish and everything will be fine again. Actually it is only 2 SAs within the tunnel that stop passing traffic. One thing I do see different on them is that the SA that keeps working the whole time has lifetime listed as just sec but the SAs that stop passing traffic have lifetime listed as KB/Sec. Not sure why different SAs to the same peer (and in the same crypto map) are negotiating differently. The crypto map statement has both kb and sec lifetimes specified. We have several other tunnels on this ASA and only have this issue on this one - however I think this may be the only Nortel Contivity we have a tunnel to.
Obviously we would prefer not to have to reset the tunnel periodically, so any suggestions on what might be causing some SAs in the tunnel to "freeze" would be appreciated.