I have an ASA IPSec tunnel configured between an ASA5505 and Microsoft TMG 2010 SP2.
The tunnel sometimes works for a few hours, and then disconnects, and other times it works for 5 minutes and then disconnects.
When it disconnects, it sometimes takes 10 minutes to re-establish the SA, sometimes takes 45 minutes to re-establish the SA.
I have a suspicion one side of the tunnel is re-keying the connection and the other isn't, but I don't really know how to troubleshoot this. Troubleshooting from the ASA end is substantially easier than troubleshooting from the TMG end due to the obtuse nature of getting this information out of TMG; although I suspect that the TMG is where the problem lies.
Where can I go in the ASA to determine why the IPSec tunnels are dropping?