Dear all,
I have an ISG1000 and a Fortigate configured with a site-to-site VPN. It had been working well, but recently traffic stopped passing through the VPN tunnel (the tunnel still shows as up), and my customer has to run the command "clear sa" on the ISG1000 to get it working again. I checked the configuration on the ISG1000 and found a VPN monitor command, so I suggested they unset it. After that the VPN worked fine for one week, but yesterday traffic stopped passing again. I have no idea what is causing this (the routes and policies for the tunnel are correct).
Kindly help me solve this problem.
The tunnel configurations on the ISG and the Fortigate are attached below.
---------------------Fortigate----------------------------
config vpn ipsec phase1-interface
edit "VPN_ISG1000"
set interface "port20"
set dhgrp 2
set keylife 86400
set proposal 3des-sha1
set dpd disable
set comments "VPN_ISG1000"
set remote-gw x.x.x.x
set psksecret ENC bWFpbmMrWQE4JfORGGSDOyLJDFx0zLUkQGH12ApEmhQsgXIM8C83X9lClc0lct3BnTULV2xK0VS1c7lzxxwHpJwn7MeIADWwmlb15/zWsiftdNydN5d8LgdGoJZynwWaSNLFAWTldnQ2StjW9UHwcLkRlts8eXUZSiUr/nf73xa4qXe/0S4ONtJNy1ERnKR/NPTFSw==
next
end
config vpn ipsec phase2-interface
edit "VPN_ISG1000_Phase2"
set auto-negotiate enable
set comments "VPN_ISG1000_Phase2"
set pfs disable
set phase1name "VPN_ISG1000"
set proposal 3des-sha1
set keylifeseconds 3600
next
end
-----------------------------------------------------------------------------------
---------------------------------ISG1000---------------------------------------
set ike p1-proposal "PHASE1_VPN_TANZANIA_DCN" preshare group2 esp 3des sha-1 second 86400
set ike p2-proposal "PHASE2_VPN_TANZANIA_DCN" no-pfs esp 3des sha-1 second 3600
set ike gateway "GW_VPN_TANZANIA_DCN" address y.y.y.y Main outgoing-interface "ethernet1/3" preshare "WD88b30zNFmRQBsHWWCRtjNgf2npx6jImLGMXWJ1GF/0qGmtpSHI59A=" proposal "PHASE1_VPN_TANZANIA_DCN"
set ike gateway "GW_VPN_TANZANIA_DCN" cert peer-ca all
set ike gateway "GW_VPN_TANZANIA_DCN" nat-traversal
unset ike gateway "GW_VPN_TANZANIA_DCN" nat-traversal udp-checksum
set ike gateway "GW_VPN_TANZANIA_DCN" nat-traversal keepalive-frequency 0
set vpn "VPN_TANZANIA_DCN" gateway "GW_VPN_TANZANIA_DCN" no-replay tunnel idletime 0 proposal "PHASE2_VPN_TANZANIA_DCN"
set vpn "VPN_TANZANIA_DCN" id 0x86 bind interface tunnel.41
set vpn "VPN_TANZANIA_DCN" dscp-mark 0