250 remote sites use ezvpn to connect back to ASA 5520. Tunnels show active but do not pass any IP traffic. The only way to resolve issue is to "clear crypto ipsec sa". Has happened twice in the last 3 days. Logs show messages of denying traffic for ex:
Feb 11 2008 14:42:42: %ASA-3-106014: Deny inbound icmp src outside:172.16.123.205 dst inside:x.x.x.x (type 8, code 0)
Feb 11 2008 14:42:42: %ASA-2-106006: Deny inbound UDP from x.x.x.x/2442 to 172.16.124.129/161 on interface inside
Running 7.2(2) code. Has anyone seen this before and know what the problem is?
Thanks