My organisation has a number of overseas offices. We have a Cisco VPN 3015 Concentrator at head office. Our overseas offices have a variety of PIX 506e and ASA 5505 which are used as VPN endpoints.
At the head office we have two subnets - 22.214.171.124/21 and 172.16.9.0/24. The larger subnet is the general network for users, printers etc, with two domain controllers. 172.16.9.0/24 houses the rest of our servers.
Three of our offices, one using a PIX 506e and two using ASA 5505, perdodically lose connectivity to hosts in the 172.16.9.0/24 subnet, but not to hosts in 172.16.0.0/21 network. This can sometimes be recovered by reloading the config of the endpoint device. Sometimes it recovers by initiating traffic (for example ssh'ing to the endpoint, then doing ping inside 172.16.9.1). Sometimes the connection comes back by itself.
The other 8 offices do not have this problem. I can find no significant difference in the config on the endpoints.
I'm not really sure the best steps to take to troubleshoot this further. Has anyone else come across a problem like this?