You haven't included enough in your configs to troubleshoot this.

Your crypto ACL's probably don't match.  Therefore it doesn't look like phase 2 is ever coming up.  When you say that the "tunnel currently works fine..." are you showing encaps and decaps on both sides of the tunnel?  I doubt you are.  You could be because I've seen intermittent problems during phase 2 negotiation.  Sometimes it'll work, sometimes it won't.

Also, I wouldn't doubt that there could be something wrong with your NAT's (or they could be just fine, no clue).  Once your crypto acl's match, you need to take this back to the basics and think about a packet from source, through the phase 2 tunnel, to the destination, and what's happening and where it's happening.  I can't follow your NAT's -- as I've never seen them written like that, and nowhere near enough information for me to try to understand it currently.  Ensure your source and destination are what you would expect at each step of the transmission.  '# sh log | inc' on the remote side will be your friend here.

I troubleshoot these half-blind at work all day pretty much with folks on the other end of the line.  The only thing I have going for me in that case is that the local end, I can pretty much guarantee is correct before I even start the phone call.

Hi David and thanks for your answer. I attach config from both firewalls.

You are probably right about that the problem is not with the tunnel itself since it still works between fw1 client network to fw2 server network once it stopped working between the two server networks.

It all start working again if I run clear crypto isakmp sa on both firewalls.

!-- I feel like in your PIX fw -- your net-remote portion of crypto acl is wrong (I feel like those are not going to be transmitted as subnets for ike phase 2 negotiation).
!-- Why are they being defined like that anyway?  It may not be the problem, but why risk it?
!-- Where are you getting these peer addresses from?  (clearly these must be right?  otherwise phase 1 wouldn't come up???)

!-- In your crypto isakmp/ikev1 policy definitions, you have 1 on each device with lifetime 86400
!-- but your dh group # is mismatched.  One is a 2, one is a 5.  I feel like these should match.
!-- although i've never troubleshot and saw a mismatch here like this.

That's just from briefly looking your configs over.
If you make corrections and still having problems, you need to generate traffic and provide full
#show log of both ASA's including the ASA that is sending delete/delete command and the reasoning that will be
on the line above that.

Can you please send me a set by step guide and I will setup the tunnel from scratch. I was previously following Cisco ASA Site-to-Site VPN Configuration (Command Line): Cisco ASA Training 101

Your stuff looks sound.  I'm just saying not to take the risk of defining your crypto's with weird names that reference those PIX hosts or subnets.  And make sure they match 100% side to side.

Does your phase 1 tunnel come up?

If you generate interesting traffic and type "#show crypto ipsec sa peer x.x.x.x" on both sides -- do you see the peer relationship?

If yes, what do both sides say for encaps and decaps?

do the command #show log -- and include the information as to what is failing.

--

See the part in his video at around 3:30 where he's defining subnets with object network.  Then he defines it as being named net-local and subnet 192.168.x.x 255.255.255.0 -- That is the part I would like to see on both sides of yours to ensure phase 2 negotiation can occur.  Like I said, that may not be the problem, any time I've seen a PIX, I've kind of steered clear to be honest.

I think I'm victum to bug... CSCtq57752

The workaround to the bug is to lower the crypto map's timed lifetime and increase the crypto map's traffic volume threshold:
crypto map *YOUR-CRYPTO-MAP ID* set security-association lifetime seconds 3600
crypto map *YOUR-CRYPTO-MAP ID* set security-association lifetime kilobytes 2147483647

The tunnel have been working for over 3h and 13GB of data have been transfer so far.