We have an ASA 5505 that is configured for EZ VPN remote. If we assign it a static IP for its outside interface in our test lab, it stays up. When we take it out to the remote site, which has a FiOS connection with a DHCP address for the outside interface, it drops every hour. When we put a PIX out there, it stays up. A sh crypto isakmp sa on the remote side shows an AM_WAIT_MSG2 (when the ASA is in place and the tunnel fails). I have to reboot the ASA, and then the tunnel will come back up. For an hour. Has anyone else seen this type of behavior? It has been very frustrating, and I have a TAC case, but they said the configuration looks fine.
Today is your lucky day. I had this exact problem with my ASA 5505 on my FiOS connection. Apparently Verizon will ping your device before it will allow you to request or renew your IP address. When your ASA first comes online, they can ping it because you have ICMP enabled on the outside and the VPN tunnel is not up. Once the tunnel is established and you are not using split tunneling, they can no longer ping your ASA. If you drop the tunnel, the DHCP lease will not expire. What I had to do was enable split tunneling on the VPN group that I was using for the ASA and enable ICMP on the outside interface. After that, the ASA would stay up for good.
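
The change described in the reply above, sketched as ASA configuration. This is an added example, not configuration posted by either participant. It assumes the EZ VPN server is also an ASA, and the names EZVPN_GP and EZVPN_SPLIT and the 10.0.0.0/8 network are hypothetical placeholders.

```cisco
! Added example; EZVPN_GP, EZVPN_SPLIT and 10.0.0.0/8 are hypothetical.
!
! --- Headend ASA (assumed): group policy pushed to the 5505 client ---
! Before (all traffic from the remote site enters the tunnel):
!   group-policy EZVPN_GP attributes
!    split-tunnel-policy tunnelall
!
! After: only traffic to the listed internal networks enters the tunnel.
! Keep the list to the networks the remote site actually needs.
access-list EZVPN_SPLIT standard permit 10.0.0.0 255.0.0.0
group-policy EZVPN_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value EZVPN_SPLIT
!
! --- Remote ASA 5505: answer pings on the outside interface ---
! Once any icmp rule exists for an interface, ICMP to that interface
! that matches no rule is dropped, so permit only what is needed.
icmp permit any echo outside
! Unreachables are needed for path MTU discovery, which IPsec relies on.
icmp permit any unreachable outside
```

The result can be checked with show running-config group-policy EZVPN_GP on the headend and show running-config icmp on the 5505.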