This occurs in an existing LAN-to-LAN connection between a router and a remote IPSec peer, where the IPSec peer address is the crypto map interface and that interface is also defined for Port Address Translation (PAT). If a VPN Client connection is made through the crypto map interface to the same remote IPSec peer, the existing LAN-to-LAN connection is broken because all User Datagram Protocol (UDP) 500 packets are now translated to the new PAT translation. This is a recurrence of Cisco bug ID CSCeb31945.
This issue is also documented in Cisco bug ID CSCsc80859.
For a workaround, change the IPSec peer source IP address to be a loopback interface. Issue the crypto map xxxx local-address loopback 0 command.
Change the remote IPSec peer address for either the LAN-to-LAN or remote access connection.
Define a static port mapping of UDP 500 to UDP 501 for the VPN Client connection.
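The collision and the three workarounds above can be checked with a small model. This is an added example, not Cisco code and not a description of IOS internals: it is a simplified lookup table, and every address, name and function in it is a constructed placeholder.

```python
# Simplified model (constructed for illustration, not IOS internals) of how an
# inbound UDP packet is dispatched on an interface that both terminates IPSec
# and performs PAT. All addresses are documentation-range placeholders.
from typing import NamedTuple

class Xlate(NamedTuple):
    global_ip: str      # translated (outside) source address
    global_port: int    # translated source port
    remote_ip: str      # destination the inside host talked to
    remote_port: int
    inside_host: str    # real inside host that owns the flow

WAN_IP, LOOPBACK_IP = "198.51.100.1", "198.51.100.254"
PEER_A, PEER_B = "203.0.113.10", "203.0.113.20"
VPN_CLIENT = "10.0.0.50"

def pat_outbound(table, inside_host, sport, remote_ip, dport, static_port=None):
    """Record a PAT entry; the source port is kept unless it is remapped."""
    entry = Xlate(WAN_IP, static_port or sport, remote_ip, dport, inside_host)
    table.append(entry)
    return entry

def deliver_inbound(table, src_ip, sport, dst_ip, dport):
    """Return who receives an inbound packet: an inside host or the router."""
    for x in table:
        if (x.global_ip, x.global_port, x.remote_ip, x.remote_port) == \
           (dst_ip, dport, src_ip, sport):
            return x.inside_host      # the translation claims the packet
    return "router-ike"               # no match: the router's own IKE gets it

def l2l_survives(local_addr=WAN_IP, client_peer=PEER_A, static_port=None):
    """True if peer A's IKE packet still reaches the router's IKE process."""
    table = []
    pat_outbound(table, VPN_CLIENT, 500, client_peer, 500, static_port)
    return deliver_inbound(table, PEER_A, 500, local_addr, 500) == "router-ike"

if __name__ == "__main__":
    print("failure case:", l2l_survives())
    print("loopback local-address:", l2l_survives(local_addr=LOOPBACK_IP))
    print("different remote peer:", l2l_survives(client_peer=PEER_B))
    print("UDP 500 -> 501 mapping:", l2l_survives(static_port=501))
```

Each workaround changes one field of the lookup key (local address, remote peer, or translated port), which is why any one of them stops the VPN Client's translation from capturing the LAN-to-LAN peer's UDP 500 traffic.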