Looking through similar posts, I have not found a solution for this particular problem:
I have a remote location with 857 and (C850-ADVSECURITYK9-M), Version 12.4(6)T5 and a CO location with 5520 and Software Version 7.1(2) connected through the Internet by IPSec tunnels.
ACLs that define interesting traffic on both sides include 3 subnets that should be accessible behind ASA's inside interface: 172.16.0.0/16 192.168.105.0/24 and 192.168.3.0/24
The configs are included in attachments. The whole thing works, network behind the remote 857 sees the 3 subnets in CO and vice versa, until at some point ASA decides that it does not like one of the defined subnets and starts tearing down connections between it and the remote network. For example, today it decided it no longer likes connections between 192.168.223.0 (remote) and 192.168.105.0 (behind inside interface) networks, while the connections to 172.16.0.0 and 192.168.3.0 keep working fine. That's after a year of normal operation.
We've had such an issue at several remote locations already and it comes down to no matter what you do - kill SAs, remove and rebuild crypto maps, reload the remote end.. nothing helps until you reload the ASA. You reload the ASA and whoom! it works again. All networks defined are allowed to pass.
Since the communication is business critical, I would very much like to solve the problem without having to reload the central ASA every time it suddenly decides to stop passing traffic between one of the 3 critical subnets and a remote network.
I'd like to note that, overall, the configs work fine. At times when the ASA starts dropping networks, no new access-lists or configurations are added to it.