
Problem with returning to the main VTI channel between ASA5508 and C881

NikolayRybnikov
Level 1
I have an ASA5508 at the main office, which has two Internet providers, and also has branches with which VTI tunnels are built. When the primary link of the ASA5508 fails, the routers switch to the backup, but when the primary link of the ASA returns, the failover does not occur; for this reason, the connection with the branches is cut off. I have to go to the router and enter the command "clear crypto isakmp", and then the channel returns.
I suspect that some isakmp buffer is overflowing, due to which the visibility of the logical tunnel of the main VTI channel disappears.
Router configuration:

track 1 ip sla 1 reachability
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 14
lifetime 28800
crypto isakmp key ***** address ***.***.**.***
crypto isakmp key ****** address **.***.**.***
!
!
crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_PROFILE
set transform-set TSET


interface Tunnel0
description tunnel to MainChanell_ASA
ip address 10.10.10.78 255.255.255.252
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination ***.***.**.***
tunnel protection ipsec profile IPSEC_PROFILE
!
interface Tunnel1
description tunnel to BackupChanell_ASA
ip address 10.10.10.154 255.255.255.252
tunnel source FastEthernet4
tunnel mode ipsec ipv4
tunnel destination **.***.**.***
tunnel protection ipsec profile IPSEC_PROFILE

interface FastEthernet4
description Outside interface to ISP
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
duplex full
speed auto
no cdp enable


ip sla 1
icmp-echo ***.***.**.*** source-interface FastEthernet4
threshold 1000
timeout 1500
frequency 3
ip sla schedule 1 life forever start-time now


ip route 192.168.0.0 255.255.0.0 10.10.10.77 track 1
ip route 0.0.0.0 0.0.0.0 ***.***.**.**
ip route 192.168.0.0 255.255.0.0 10.10.10.153 254

 

 
