VPN Tunnel Renegotiation Every Morning

I am not extremely savy with firewalls and was hoping someone here could point me in the right direction.
I have two Sonicwalls that have VPN tunnel connected to a client on each. I know the client has ASA's. For the past few weeks I am having to deactivate and reactivate the policy every morning. Also having to renogiate to get it back working.
Any ideas why this is happening? All my other tunnels work fine all the time.
Appreciate any feedback.
I have two Sonicwalls that have VPN tunnel connected to a client on each. I know the client has ASA's. For the past few weeks I am having to deactivate and reactivate the policy every morning. Also having to renogiate to get it back working.
Any ideas why this is happening? All my other tunnels work fine all the time.
Appreciate any feedback.
Comments
I dont know about sonicwall, but cisco gear only brings the tunnel up when traffic is detected, and after some time with no traffic over the tunnel, it is brought down.
"Enable Keep Alive - Allows the VPN tunnel to remain active or maintain its current connection by listening for traffic on the network segment between the two connections. Interruption of the signal forces the tunnel to renegotiate the connection."
Interesting...Look, for me it seems that one side is stuck with the "old" tunnel up, while the other side brought it down already.
Is it possible to schedule a troubleshoot session with your partner? Check the behavior on both sides before resetting the tunnel.
Also, check for logs in the ASA looking for encrypted traffic, it always helps a lot (not familiar with sonicwall here).
Also, you can check the encaps/decaps and phase 2 status and try to find any abnormalities on the traffic over the tunnel.
http://www.tunnelsup.com/images/IKE_Phase1_MSGs.png
(as mentioned by d4nz1g)
The vpn lifetime on cisco ASAs are 86400 seconds (1 day) by default. What are the default security associations on Sonicwall firewalls?
Also,
clear crypto isakmp sa
clear crypto ipsec sa
Drops the VPN momentarily, occasionally used for troubleshooting
have you had any issues this morning? did you get any logs, or something you can share?