I am troubleshooting a VPN issue between an ASA5505 and and a checkpoint
The VPN comes up fine and all traffic outbound from the ASA (Remote Site) is working fine
However at random periods during the day inbound traffic fails - this can be up to 20 minutes. Then traffic starts to flow again.
The checkpoint admin has identified this issue
The Check Point by default tears down both the IKE and IPSec SA whenever the IKE Timer runs out while the ASA appears to only take down the IKE SA waiting to renew the IPSec SA until it times out. This causes the ASA to use an SA that is no longer available on the Check Point which results in the Check Point dropping the packets.
Is there a setting on the ASA that could resolve this solution or does the fix need to be applied on the Checkpoint.