I'm currently piloting a VPN solution given the above architecture. Everything seemed to work properly in a lab environment but once I turned up a single test site the following occurs:
When the two Head Ends and the single Remote are reloaded everything works flawlessly, but after about 24 hrs one of the tunnels will go down (can't ping tunnel int, eigrp goes down, nhrp stops responding etc.) but isakmp and ipsec sessions are fine. If left unattended the second tunnel will generally follow suite sometime within the next 24hrs. This has happened consistently (including the order in which they go down) for about the last 4 reloads.
Head Ends are 2851s running 12.3(8)T6 each with a AIM-VPN/EPII-PLUS module
Remote is a 2821 also running 12.3(8)T6 with no HW encryption mod
Anyone experienced similar issues.