I have a Watchguard Firebox III/700 configured with a BOVPN and connecting to a peer Cisco ASA 5510 for our tunnel. I noticed on the Watchguard interface under "Status Report" that there are over 10,000 IPSec errors. Users are constantly complaining that they lose their sessions to application servers at the remote end datacenter (behind the Cisco ASA).
I've tried troubleshooting this to death to no avail. Many users are still dropping connections and sessions to the remote site. I changed the interface settings for both the Watchguard and ASA so they're the same (100MB Full Duplex) as I noticed there were thousands of collisions. Now there are no collisions.
What do you all recommend for my phase 1 & phase 2 settings on the Watchguard? What about the ASA? I currently have them on ESP-3DES-SHA1. What about SA lifetime values? NAT-T, etc... Any info would be GREATLY appreciated.