This problem is due to the presence of Cisco bug ID CSCsd48512.
In order for this issue to occur, the PIX Firewall must have VPN tunnels that terminate on an interface, and its peers must disconnect and then reconnect.
Note: One symptom of this problem is that the Missing SA failures field in the show ipsec stat command increments:
fw# show ipsec stat
IPSec Global Statistics-----------------------Active tunnels: 758Previous tunnels: 851185InboundBytes: 2889705611Decompressed bytes: 2889705611Packets: 101359204Dropped packets: 1807Replay failures: 6Authentications: 101357399Authentication failures: 1799Decryptions: 101357399Decryption failures: 0OutboundBytes: 1655641563Uncompressed bytes: 1656289143Packets: 101505107Dropped packets: 2472907Authentications: 101682816Authentication failures: 0Encryptions: 101682816Encryption failures: 0Protocol failures: 0Missing SA failures: 2472909System capacity failures: 0
For a workaround, perform either of these steps: