Nothing shows in "show crypto isakmp sa". I did not check "show crypto ipsec sa",but since I can see the IPSEC Flow in "show crypto session", I think it should be able to see the spi and just no enc/dec data.
There is a ICMP montoring from our end to remote end, when phase 1 expire, it should be reset by this icmp traff
If you can't pass traffic, seems like there are SAs mismatched between this site and others, ie: this site might have had the SAs cleared, while remote sites are still sending data on the old SAs. Not until you clear or reset the SA on remote sites, it started to negotiate for the new SAs.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...