vbandha
Article Id 275657
Description This article describes why a Phase 2 rekey can be observed before the Key Lifetime timer configured in the FortiGate Phase 2 settings has expired.
Scope FortiGate v7.0+.
Solution

When an IPsec tunnel is created between a FortiGate and a Cisco ASA, the two devices use different Phase 2 lifetime settings by default.

On FortiGate, the Key Lifetime is measured in seconds by default, so Phase 2 rekeys after the time specified there.

The Key Lifetime in kilobytes (rekeying after a specific amount of traffic has flowed through the tunnel) is disabled by default but can be enabled if needed.


The image below shows what the default setting looks like:

[Image 1.JPG: default Phase 2 Key Lifetime setting in the FortiGate GUI]

It is possible to change this by opening the 'Seconds' drop-down and selecting 'Kilobytes' or 'Both'.

On Cisco ASA, the default setting is 4608000 kilobytes / 3600 seconds.
Whichever of the two limits is reached first triggers a rekey from the Cisco side, so on a busy tunnel the kilobyte limit can be hit well before the FortiGate timer expires.

To stop rekeying from being triggered by the amount of data flowing through the tunnel, change the setting on the Cisco side.


Here is a Cisco article with more information on this:
https://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike-protocols/214230-confi...

The crypto map command on the Cisco ASA is:

set security-association lifetime kilobytes unlimited

After changing the setting on the Cisco side, the rekey happens after the time configured in the Phase 2 settings.
Also, make sure that the lifetime in seconds is the same on both the FortiGate and the Cisco ASA.
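The following configuration fragments are an added example and are not part of the original article. They show the two ways to bring both peers into agreement: either keep the FortiGate on a seconds-only lifetime and remove the kilobyte trigger on the ASA, or enable 'Both' on the FortiGate with the same values the ASA uses by default. The tunnel name "to-asa", the crypto map name "outside_map" and its sequence number 10 are assumed placeholders; the FortiOS phase2-interface object is assumed to already exist.

```text
# --- FortiGate side (FortiOS CLI); "to-asa" is an assumed existing phase2-interface name ---
# Option A: keep the FortiGate default (seconds only) and use the same timer value as the ASA.
config vpn ipsec phase2-interface
    edit "to-asa"
        set keylife-type seconds
        set keylifeseconds 3600
    next
end

# Option B: also rekey on traffic volume, using the ASA default values,
# so both peers agree on when a rekey is due (whichever limit is reached first).
config vpn ipsec phase2-interface
    edit "to-asa"
        set keylife-type both
        set keylifeseconds 3600
        set keylifekbs 4608000
    next
end

! --- Cisco ASA side; "outside_map" and sequence 10 are assumed placeholders ---
! Option A counterpart: keep the 3600-second timer and disable the kilobyte trigger,
! so only the timer drives rekeying and it matches the FortiGate setting.
crypto map outside_map 10 set security-association lifetime seconds 3600
crypto map outside_map 10 set security-association lifetime kilobytes unlimited
```

After applying either option, the remaining lifetime of the active Phase 2 SA can be checked on the FortiGate with 'diagnose vpn tunnel list' and on the ASA with 'show crypto ipsec sa', which reports the remaining key lifetime in both kilobytes and seconds; with Option A the kilobyte counter no longer shrinks towards a limit, and with Option B both peers count down from the same values.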
