I currently have seven site-to-site VPNs configured. With the exception of the one that I can control both sides of, they all drop intermittently.
To simplify this question I want to focus on one of these tunnels.
My side is an ASA5520.
The other side is a Checkpoint Device.
The tunnel will drop approx. once a day, though the time of day varies.
As a measure of network stability, one of the other tunnels has both endpoints using Cisco hardware, an ASA5520 and a 2811 router. This tunnel has been up for several weeks.
I have confirmed to the best of my knowledge that the Phase 1 and Phase 2 timers both match.
Attached is a log snippet showing the rekey negotiations that always seem to precede the tunnel dropping.
Any thoughts would be appreciated.
I am attempting to capture additional debug data and will post when I do so.
After running 'debug crypto isakmp 254' for several hours I captured 3 Phase II rekeying events. None of them caused the tunnel to drop.
However I did notice that they were occurring exactly 51 minutes apart even though the Phase II rekey duration timer is set to 60 minutes.