I have tried with no VPN monitor. User connections still drop.
As for explaining the problem, let me try again:
If a user behind the firewall has a client/server connection such as SSH or a database client program open to a system on the other end of the VPN, that connection will get dropped when the IKE Phase 2 lifetime expires and the two routers renegotiate. If the user connection is actively sending data, then maybe it will survive, but if it is idle for a short time before the phase 2 expiration, it will get dropped. This never happened when we had Cisco to Cisco tunnels. Users could leave things open all day and they would not drop.
By using 'get session src-ip x.x.x.x' before and after the phase 2 renegotiation, the session is there before, but gone afterward.
You can't be saying that sessions must be ALWAYS sending data in order to not get dropped! You never know exactly when the phase 2 lifetime will end and there is always some amount of idle time in a session. This can't be right.
Maybe it's a Cisco interoperability issue, but the same thing happens between the SSG-20 (v6.1) and an NS-5GT(v4.0).
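The before/after check the poster describes (capture the session table, let the phase 2 lifetime expire, capture again, see what vanished) can be made repeatable with a small diff script. The following is an added example, not code from the poster or from Juniper: it assumes a simplified, constructed line format for the two captures (real 'get session' output would need its own regex) and tags each dropped flow as idle or active so the idle-before-rekey pattern the poster sees stands out.

```python
"""Diff two session-table captures to find which flows vanished across an IKE rekey."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed, simplified line format (an assumption for this example, not the
# real ScreenOS 'get session' layout):
#   "src A.B.C.D:port dst A.B.C.D:port proto N idle Ns"
LINE_RE = re.compile(
    r"src (?P<src>[\d.]+):(?P<sport>\d+)\s+dst (?P<dst>[\d.]+):(?P<dport>\d+)"
    r"\s+proto (?P<proto>\d+)\s+idle (?P<idle>\d+)s"
)


@dataclass(frozen=True)
class Flow:
    """5-tuple identifying one firewall session."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: int


def parse_sessions(capture: str) -> Dict[Flow, int]:
    """Map each flow in a capture to its idle time in seconds; other lines are skipped."""
    flows: Dict[Flow, int] = {}
    for line in capture.splitlines():
        m = LINE_RE.search(line)
        if m:
            flow = Flow(m["src"], int(m["sport"]), m["dst"], int(m["dport"]), int(m["proto"]))
            flows[flow] = int(m["idle"])
    return flows


def dropped_sessions(before: str, after: str, idle_threshold: int = 30) -> List[dict]:
    """Return flows present before the rekey but absent afterwards.

    Each entry records the flow, its idle time in the 'before' capture, and
    whether it had been idle for at least idle_threshold seconds, which is the
    pattern the post describes (idle sessions die, busy ones may survive).
    """
    pre, post = parse_sessions(before), parse_sessions(after)
    dropped = []
    for flow, idle in pre.items():
        if flow not in post:
            dropped.append({"flow": flow, "idle_s": idle, "was_idle": idle >= idle_threshold})
    return dropped


# Constructed sample captures: an SSH session and a database session that had
# gone idle, plus an HTTPS session that was still busy when the SA was rebuilt.
BEFORE = """\
src 10.1.1.5:51234 dst 192.168.50.10:22 proto 6 idle 120s
src 10.1.1.7:49822 dst 192.168.50.20:1433 proto 6 idle 45s
src 10.1.1.9:50011 dst 192.168.50.30:443 proto 6 idle 1s
"""
AFTER = """\
src 10.1.1.9:50011 dst 192.168.50.30:443 proto 6 idle 3s
"""

if __name__ == "__main__":
    for entry in dropped_sessions(BEFORE, AFTER):
        f = entry["flow"]
        state = "idle" if entry["was_idle"] else "active"
        print(f"dropped {f.src}:{f.sport} -> {f.dst}:{f.dport} (idle {entry['idle_s']}s, {state})")
```

Run it with a real pair of captures pasted into BEFORE and AFTER (after adjusting LINE_RE to the actual output format); if only the flows with large idle values disappear, that supports the poster's idle-before-rekey observation rather than a general tunnel outage.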