I have a configured vpn to one of our customers has always worked properly with the setup you have, since last week began to fail without any change in either side was performed.

  Executed a crypto ipsec debug crypto isa and debug and I have no output from the console. The only way that I have some debug output is to eliminate cryptomap interface and reconfigure it already looks as follows:

001965: *Nov 11 16:08:05.484 UTC: IPSEC: Expand action denied, notify RP

001966: *Nov 11 16:08:05.484 UTC: IPSEC: Expand action denied, notify RP

001967: *Nov 11 16:08:05.484 UTC: IPSEC: Expand action denied, discard or forward packet.

001968: *Nov 11 16:08:05.484 UTC: IPSEC: Expand action denied, discard or forward packet.

ptkccs-border-00#sh crypto isa sa

IPv4 Crypto ISAKMP SA

dst             src             state          conn-id status

IPv6 Crypto ISAKMP SA

Running sh crypto session appears as follows:

ptkccs-border-00#

001973: *Nov 11 16:10:04.508 UTC: No peer struct to get peer description

001974: *Nov 11 16:10:04.508 UTC: No peer struct to get peer description

001975: *Nov 11 16:10:04.508 UTC: No peer struct to get peer description

001976: *Nov 11 16:10:04.508 UTC: No peer struct to get peer description

My other side of the vpn client is an ASA, they have not changed the settings, acl match, but they receive no negotiation from my router.

In addition to removing and placing acl permit ip any any, it is possible to see that phase 1 is completed but is not fully complete Phase 2.

  Placing permit ip any any test was only because the place that I lose internet traffic and other services.

  What could be happening if everything was working properly and there is no change in configuration.

Now we delete the whole configuration and reconfigured, and perform an upgrade of equipment, and nothing.