We have a site-to-site IPsec tunnel between an ASA5510 in our datacenter and an ASA5510 in a customer's datacenter. The tunnel has been up for years without any issue. There is another firewall at the customer's premises in front of the ASA5510. Recently, the tunnel started going down after a few hours, and there are two things we can do to re-establish the connection: one is to reload one of the two ASAs on either side, or change an IPsec setting such as NAT-T to enabled (or disabled). Then the tunnel comes right back up, but the outage happens again.
What could this be? We have tried to fix this for two weeks now, and I've decided to reach out to the collective wisdom of this community. Please help us!
Re: loss of site-to-site connection after 3 ~ 5 hours
Are you using NAT-T (udp/4500) or "straight" udp/500 + ESP/AH?
If you're not using NAT-T, maybe the problem is the connection for IKE expiring on the firewall in front? Maybe extending the timeout for udp/500 could help? On ASA/FWSM the default timeout for UDP is 2 minutes of inactivity.