In our organization, we have 15 Cisco 3000 series concentrators. We have roughly 20,000 laptop and some desktops connecting in to these concentrators all using version 4.0.2b. Over the past 8 months we have had 3 concentrators replaced with the new ASA (replacinf the old 3000 series). Starting about a month ago, we started receiving call from the users stating they were not able to get to any Internal network resources (Internet Explorer, Exchange, etc)after making the VPN connection to one of the new ASA concentrators. If we have these users disconnect from the ASA and connect to the 3000 series concentrators, all works again. We have been told, this was probably a version (4.0.2b) mismatch with the ASA. Changing everyones (remember 20,000) client from 4.0.2b to a newer one is not a real option. Replacing them through attrition is more feasible. My question to our knowledge nothing changed on the ASA (it did work for over 7 months) and nothing we are sure about changed on the laptops or desktops (other than microsoft patches). But we have machine without the patches also reporting the issue. Thoughts??