VPN tunnel keeps dropping connections/sessions

[Deskey123]

I have a Watchguard Firebox III/700 configured with a BOVPN and connecting to a peer Cisco ASA 5510 for our tunnel. I noticed on the Watchguard interface under "Status Report", there are over 10,000 IPSec errors. Users are constantly complaining that they lose their sessions to applications servers at the remote end datacenter (behind the Cisco ASA).

I've tried troubleshooting this to death to no avail. Many users are still dropping connections and sessions to the remote site. I changed the interface settings for both the Watchguard and ASA so they're the same (100MB Full Duplex) as I noticed there were thousands of collisions. Now their's no collisions.

What do you all recommend for my phase 1 & phase 2 settings on the Watchguard? What about the ASA? I currently have them on ESP-3DES-SHA1. What about SA lifetime values? NAT-T, etc... Any info would be GREATLY appreciated.

 

[sillyVM]

My personal feeling is watch guard has really bad tech support. Also I have a device just shut it down itself and has to reset sometimes. With no errors what so ever, very annoying.

 

[Helenp1983]

With our old firebox III/1000 we use to setup a ping -t from one of our servers to cross the VPN to keep it open

You could set the sa to 24 hour

My predisesor use to setup connections to Cisco Pix, using DES- MD5 phase 1 & 2. He said it wasn't reliable using 3DES with Cisco pix?? (not sure it true, i have no porblems with the new x1250e firewalls)

Also set the diff helman to 2 and no pfs on phase 2
Cisco's have more difi helman numbers that watchgaurd