Hey Matt,
Disabling ip cef works most of the time, however, if you have other services on that router, you cannot always go away from CEF.
Configuration guide for CEF support using IPSEC:
http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_vpn_ipsec.html#wp1047537
As you can see there are a few tricks to overcome this problem, but if you don't use MPLS or some other CEF dependent applications (AutoQoS, Protocol discovery) you can just disable CEF globally.
Please rate if this helped.
Regards,
Daniel