It sounds like it may be a tunnel issue ... When my DSL line at home has a short issue, i also see the VPN tunnel flapping, and sometimes longer than the DSL flapping ... I configured an IKEv2 tunnel with one dynamic endpoint (at home) and one endpoint with static address (at work) both terminating on a Cisco ASA (firmware 9.9.2 interims version) on both sides of the tunnel (5506-X on "dynamic side" and 5515-X on "static side").
dear juergen !
thanks for reply appreciate it both side lan one side 5585 with 100 of object groups and remotes sites all with 5505 ASA both side is static:
crypto ipsec ikev1 transform-set ESP-AES-256 esp-aes-256 esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map ESP-AES-256 5 match address Lan-site
crypto map ESP-AES-256 5 set peer 10.0.0.1
crypto map ESP-AES-256 5 set ikev1 transform-set ESP-AES-256
crypto map ESP-AES-256 interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 5
thanks to reply M0ng00se !
no when the time out start fro a 10 second the tunnel is stable encrypting and both ASA interface WAN and Lan site is pingable but it does not pass the traffic toward the router then all the remote site shows down and can't log in to router but ASA it is now bypassed on router it think it have hardware issue but looking for any new experience that i may be wrong.