Comment 5 for bug 759097

The bug description seems to point to a NAT state expiration problem. If anyone is affected by this I'd recommend enabling DPD on their IPsec connections as this will keep the NAT states from expiring. DPD works by sending "R_U_THERE" packets at regular intervals and those keep the connection alive. DPD could also restart the connection after it failed.