Hi Brian,
I may not be able to provide you with a solution without taking a look at the IKE logs from the time of the issue. But I can suggest some possible issues which I have seen in the past:
- Issue with Quick mode re-key. When the SA lifetime ends for phase 2, Main mode is still up but there could be an issue with the re-key, due to which the tunnel status shows as connected but the traffic will not pass through. When you bounce the tunnel, you can get the MM re-negotiated, which brings back the traffic.
- Is your On-Prem VPN device listed in the validated/supported VPN vendors? (https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices#devicetable)
It is recommended to use the validated devices with the version mentioned to avoid any unknown issues.
Suggestion: can you try to maximize the phase 2 SA lifetime parameter?
Regards,
Karthik Srinivas