I'm having problems with routers using ExVPN client connected to a pair of load-balanced ASA 5520's periodically not passing traffic accross the tunnel.
What I'm seeing is that the tunnel never goes down (show cry isa sa) shows the tunnel up on both ends, but I can't ping anything from the router side or the ASA side. To temporarily fix the problem I force a logoff via the ASDM, the routers connect right back up to the ASA and start passing traffic.
I have about 20 sites and typically they will pass traffic for 4 to 6 hours then stop passing traffic for 4 hours, then start back up for 4-6 hours I believe they will keep repeating this indefinitely but I only had a weekend to test. What is interesting is that they will all stop passing traffic at different times 7:30pm 7:40pm , But they will all start passing traffic at the exact same time (based on our network monitoring software).
If I remove load-balancing from the ASA's and change the peer address on the client to the physical address of the ASA, these problems go away .
Cisco 871 EzVPN clients in NEM 12.4.24.t2
ASA's are on 8.2.2