If nothing has been changed (Config/ upgrade or anything) in the recent past and the setup was stable for 18 months, i would only suspect some hardware failure. Isolate the problem by replacing the hardware.
After calling TAC, they determined that I was just fortunate that it didn't happen more often or earlier. It wasn't hardware at all, but rather I had the same access-list # for 3 different VPN'd networks. And, I had the same crypto map # for those same 3 different VPN end points.
For example: this is what I had (an example only)
access-list 100 permit ip 10.0.0.0 255.0.0.0 126.96.36.199 255.0.0.0
access-list 100 permit ip 10.0.0.0 255.0.0.0 188.8.131.52 255.0.0.0
access-list 100 permit ip 10.0.0.0 255.0.0.0 184.108.40.206 255.0.0.0
crypto map mapname 10 ipsec-isakmp
crypto map mapname 10 match address 100
crypto map mapname 10 set peer
TAC said to have a different access-list for each crypto map match address line and a different crypto map match address line for each remote endpoint. So I kept the existing access-list 100's for the nat "zero" statement, but added 110, 120 & 130 for each different crypto map 20, 30, 40 endpoint statements.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...