IPSec connection suddenly stops passing traffic or is intermittent
If the tunnel times are greater than 4 hours
If Phase 2 time is greater than Phase 1 time
Dead Peer Detection is disabled
Web Security Service
"Important: Symantec has seen outages occur if the Phase 2 Timeout value is set to longer than four (4) hours. If the current setting is less than four hours, you can leave that value. Otherwise, adjust the time. The screenshots in the following procedure might not reflect this advisory."
Set the Phase 1 time out value to under 8 hours (48000 seconds) and Phase 2 time out value to under 4 hours (14400 seconds).
Also, enable Dead Peer Detection and disable NAT Traversal.
View the document for more information depending on your VPN Connection
If this does not resolve the issue, please collect your Firewall Logs and refer to the document