Posted this in the VPN section - apologize in advance for cross posting, but I'm kind of in a bind.
We've been pushing tons of replication traffic lately through a VPN, and have been using a route map to direct that traffic specifically to an OC3 (before that, it completely saturated one of our DS3s). We have 4 tunnels total, and only the tunnel used for replication across the OC3 seems to be having issues. It's been sporadic, but when it drops the only way to fix it is to clear the SA. It's possible that the OC3 might actually be throttled down (when it's hammered, BW charts show it flatlining at around 85-90mb but never anything higher).
I'm thinking, though, if maybe UDP/500 is caught up somewhere during congestion while trying to rekey & causing the tunnel to drop. What are your thoughts on creating another route-map & directing only UDP/500 across a known good link, while still riding ESP across the bigger OC3?