Tunnel

If the initiator is the Palo Alto Networks firewall, you can bring the tunnel up with a test from the CLI like:

> test vpn ike-sa gateway <gateway_name>  (will bring Phase 1 up)

> test vpn ipsec-sa tunnel <tunnel_name> (will bring Phase 2 up)

Yes that what I was trying to do and it did not come up, I think mario hit it on the nail with the SA's

You said you're connecting the PA to an ASA? I would only recommend this for troubleshooting, but have you tried aggressive mode? When I used to work with ASAs, once upon a time, I found that different vendors didn't play well with ASAs (or vice versa, however you choose to look at it). I had to use aggressive mode. Which I don't recommend btw because they are less secure because plain text is used and reveals data about the endpoints. I'd say it's worth a shot though to see if that stabilizes the tunnel. Just a thought. Do you have other tunnels connecting to ASAs or just this one?

Correct the other tunnels I have are also connectingfrom PA to ASA 5505 and using main mode. I have not used aggressive mode for the reason you just stated. It appears to be a very regular pattern of going off in the afternoon and back on the next day.

What do the PA logs show during this time. Can you tell from the logs who is disconnecting or dropping the tunnel?

I have been trying to search for the time when it actually dropped but I havent; found it yet. Is there a way on the PA to determine who dropped the traffic?

Under system logs, search using the filter "( subtype eq vpn )". I'm not sure what event you would be searching for but this should be a good start. Using this filter and searching during the time it goes down should help you find what you are looking for. Good luck!

I think this is when it is succeeding

and ( description contains 'IKE phase-2 negotiation is succeeded as responder, quick mode. Established SA: 66.94.196.107[500]-66.94.196.108[500] message id:0x1D8ADE40, SPI:0xB1874737/0xCB7EC37F.' )