Sorry for the delay,

I have two tunnels that pretty much mimmick each other. However, one tunnel stays up whether traffic is flowing through it or not, and the other tunnel only comes up if traffic is flowing through it.

How is that possible if they are pretty much mirrored after each other?

Any idea?

The way to see if indeed traffic is not g oing through it is with the "show crypto ipsec sa" this will show you if packets are being encrypted or not, if you see a consistent amount of packets increasing then something is still passing traffic. On the other hand remember that every tunnel has a lifetime which tells how long will it be up regardless on whether the packets are passing or not, you could also configure and idle lifetime to bring the tunnel down after it has been inactive for a while.

The show crypto ipsec sa for this tunnel will show you the remaining lifetime, in this case the lifetime will have to be expired in order for the tunnel to be torn down regardless of activity or not, it usually is around 8 hours.

i have the lifetime at 86400 for the policy, here is the config..

crypto isakmp policy 20

authentication pre-share

encryption aes-256

hash md5

group 2

lifetime 86400

crypto map OUTSIDE_VPN_MAP 51 match address DALLAS_ARCHIVE

crypto map OUTSIDE_VPN_MAP 51 set peer 123.123.123.123

crypto map OUTSIDE_VPN_MAP 51 set transform-set ESP-AES-256-MD5

crypto map OUTSIDE_VPN_MAP interface outside  

i dont see a idle timeout, unless, can the other end have it set to idle timeout, or does it have to be on both ends of tunnel?

Isakmp policy lifetime is only used for IKE,  the IPSec lifetime if not configured is 28800 seconds by default and it is configured under the crypto map, issue a show run all crypto to see it, as for the idle time, the best practice is to configure it on both sides.