I have a site to site VPN tunnel set up between to Cisco ASA 5516x's. The tunnel holds up well (24 hours+) while there is no load on it (just my monitoring pings). As soon as I try and copy data from one site to another across the tunnel it drops within about a minute or so. Upon further investigation, when this happens the two firewalls can no longer see each other (i.e. pings from one to the other on external IP's both fail). The firewalls are still online from elsewhere on the internet (i.e. I can ping them both from a different network fine). Its just the two firewalls can no longer talk to each other. After between 1-10 minutes the firewalls can see each other again and the tunnel comes up and everything is fine until I put load on it again. I can reproduce the issue at any time by just putting load on the tunnel (by attempting to copy GB's of data across).
We are investigating a number of things at the moment. It feels like some kind of traffic shaping or routing issues but really not sure. If anyone has seen this before or has any ideas that could point me in the right direction to investigate further that would be greatly appreciated.
Do you have a limit on the traffic volume set in the SA lifetime?
If you run the command show run | in lifetime it should show your SA lifetime setting for the tunnels. I would try setting it to unlimited and testing again.
thanks for your help. I had already configured the traffic volume to unlimited so shouldnt be that one I dont think.