We are having site-to-site vpn between US (Cisco ASA-5510) and india (netscreen).
Recently we have changed the ISP.
Therefore, we have changed the peer end IP after that we have upgraded the US end ASA from 7.2(3) to 8.0(4).
After this upgradation, we are facing every 4 plus hours the tunnel is going down and we have to refresh the tunnel afterwards it is coming up. We have not faced this issue when we are having image 7.2(3).
We checked by changing the lifetime at both the side but no luck.
On Cisco ASA,we have terminated 6 tunnel but for other tunnel we are not having any problem.
You have done some good timing calculation that is going to help you resolve the issue, I think.
Eventhough your main issue is tunnel going down, you bring up a good observation, that is tunnel going down every 4 hours. One thing that comes to my mind is ARP Default Timer, which is 4 hours. So, your issue may not be related to IPSEC Tunnel but ARP and Asymmetrical routing. Check your L2 and L3 connectivity to see if there is a chance that the ARP Entry times out after 4 hours and you do something that forces the L3 device to relearn the ARP Entry and forward traffic.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...