Your help, please ...
I've configured a VPN L2L between an ASA5505 and CP2070.
The tunnel is working and we have connectivity between sites, but the tunnel is disconnecting periodically.
When the tunnel fails, we need to run "clear crypto isakmp sa <tunnel address>" to recover the connection.
I've tried modifying the lifetime parameters in the IKE and IPSec configurations, but the problems persist.
Any suggestions?
The ASA configuration file is attached.
If you resolve the issue by clearing the tunnel on the ASA side, I might think that there's a loss of connectivity on the Checkpoint side when this happens?
I mean... the ASA still believes the tunnel is up, but it isn't, because it is not up on the Checkpoint side.
As soon as you cleared the SAs on the ASA, the tunnel renegotiates and reestablishes.
There are keepalives and DPD packets that can be sent to monitor the health of the VPN peer, but they work great between Cisco devices. (I'm not sure if there are incompatibility issues with other brands.)
Can you check if that's the problem?
Also, are the ISAKMP phase 1 and phase 2 lifetimes set to the same value on both units?