We are experiencing some strange behavior with a site-to-site IPsec VPN that goes down about every week for 30 minutes (Iam told 30 minutes exactly).
I don't have access to the logs, so it's difficult to troubleshoot.
What is also strange is that the two VPN devices are set to use SHA hash algorithm but apparently end up agreeing to use MD5.
Does anybody have a clue? or is this just insufficient information?
Edit:
Here is an extract of the log of one
of the two VPN devices, which is a
Cisco 3000 series VPN concentrator.
  27981 03/08/2010 10:02:16.290 SEV=4
  IKE/41 RPT=16120 xxxxxxxx  IKE
  Initiator: New Phase 1, Intf 2, IKE
  Peer xxxxxxxx local Proxy Address
  xxxxxxxx, remote Proxy Address
  xxxxxxxx, SA (L2L: 1A)
  
  27983 03/08/2010 10:02:56.930 SEV=4
  IKE/41 RPT=16121 xxxxxxxx  IKE
  Initiator: New Phase 1, Intf 2, IKE
  Peer xxxxxxxx local Proxy Address
  xxxxxxxx, remote Proxy Address
  xxxxxxxx, SA (L2L: 1A)
  
  27986 03/08/2010 10:03:35.370 SEV=4
  IKE/41 RPT=16122 xxxxxxxx  IKE
  Initiator: New Phase 1, Intf 2, IKE
  Peer xxxxxxxx local Proxy Address
  xxxxxxxx, remote Proxy Address
  xxxxxxxx, SA (L2L: 1A)
  
  [… same continues for another 15
  minutes …]
  
  28093 03/08/2010 10:19:46.710 SEV=4
  IKE/41 RPT=16140 xxxxxxxx IKE
  Initiator: New Phase 1, Intf 2, IKE
  Peer xxxxxxxx local Proxy Address
  xxxxxxxx, remote Proxy Address
  xxxxxxxx, SA (L2L: 1A)
  
  28096 03/08/2010 10:20:17.720 SEV=5
  IKE/172 RPT=1291 xxxxxxxx  Group
  [xxxxxxxx] Automatic NAT Detection
  Status:    Remote end is NOT behind a
  NAT device    This   end   IS   behind
  a NAT device
  
  28100 03/08/2010 10:20:17.820 SEV=3
  IKE/134 RPT=79 xxxxxxxx  Group
  [xxxxxxxx] Mismatch: Configured
  LAN-to-LAN proposal differs from
  negotiated proposal. Verify local and
  remote LAN-to-LAN connection lists.
  
  28103 03/08/2010 10:20:17.820 SEV=4
  IKE/119 RPT=1197 xxxxxxxx  Group
  [xxxxxxxx] PHASE 1 COMPLETED
  
  28104 03/08/2010 10:20:17.820 SEV=4
  AUTH/22 RPT=1031 xxxxxxxx  User
  [xxxxxxxx] Group [xxxxxxxx] connected,
  Session Type: IPSec/LAN- to-LAN
  
  28106 03/08/2010 10:20:17.820 SEV=4
  AUTH/84 RPT=39  LAN-to-LAN tunnel to
  headend device xxxxxxxx connected
  
  28110 03/08/2010 10:20:17.920 SEV=5
  IKE/25 RPT=1291 xxxxxxxx  Group
  [xxxxxxxx] Received remote Proxy Host
  data in ID Payload: Address
  xxxxxxxx, Protocol 0, Port 0
  
  28113 03/08/2010 10:20:17.920 SEV=5
  IKE/24 RPT=88 xxxxxxxx Group
  [xxxxxxxx] Received local Proxy Host
  data in ID Payload: Address
  xxxxxxxx, Protocol 0, Port 0
  
  28116 03/08/2010 10:20:17.920 SEV=5
  IKE/66 RPT=1290 xxxxxxxx Group
  [xxxxxxxx] IKE Remote Peer configured
  for SA: L2L: 1A
  
  28117 03/08/2010 10:20:17.930 SEV=5
  IKE/25 RPT=1292 xxxxxxxx Group
  [xxxxxxxx] Received remote Proxy Host
  data in ID Payload: Address xxxxxxxx,
  Protocol 0, Port 0
  
  28120 03/08/2010 10:20:17.930 SEV=5
  IKE/24 RPT=89 xxxxxxxx Group
  [xxxxxxxx] Received local Proxy Host
  data in ID Payload: Address xxxxxxxx,
  Protocol 0, Port 0
  
  28123 03/08/2010 10:20:17.930 SEV=5
  IKE/66 RPT=1291 xxxxxxxx Group
  [xxxxxxxx] IKE Remote Peer configured
  for SA: L2L: 1A
  
  28124 03/08/2010 10:20:18.070 SEV=4
  IKE/173 RPT=17330 xxxxxxxx  Group
  [xxxxxxxx] NAT-Traversal successfully
  negotiated! IPSec traffic will be
  encapsulated to pass through NAT
  devices.
  
  28127 03/08/2010 10:20:18.070 SEV=4
  IKE/49 RPT=17332 xxxxxxxx Group
  [xxxxxxxx] Security negotiation
  complete for LAN-to-LAN Group
  (xxxxxxxx) Responder, Inbound SPI =
  0x56a4fe5c, Outbound SPI = 0xcdfc3892
  
  28130 03/08/2010 10:20:18.070 SEV=4
  IKE/120 RPT=17332 xxxxxxxx Group
  [xxxxxxxx] PHASE 2 COMPLETED
  (msgid=37b3b298)
  
  28131 03/08/2010 10:20:18.750 SEV=4
  IKE/41 RPT=16141 xxxxxxxx  Group
  [xxxxxxxx] IKE Initiator: New Phase 2,
  Intf 2, IKE Peer xxxxxxxx local Proxy
  Address xxxxxxxx, remote Proxy Address
  xxxxxxxx, SA (L2L: 1A)
  
  28135 03/08/2010 10:20:18.870 SEV=4
  IKE/173 RPT=17331 xxxxxxxx  Group
  [xxxxxxxx] NAT-Traversal successfully
  negotiated! IPSec traffic will be
  encapsulated to pass through NAT
  devices.