The most likely cause of this freeze and blue screen (which I do think are releated) is an application losing connectivity through the VPN Client. My first guess would point at their SQL application or the Trend Micro because they seems to be the non standard applications that they have running during the episodes. We would definitely have seen this before if Outlook or IE were causing the issue. There is an outside change that the Epic or software might be having a problem, but it isn't as likely.
Here are a number of "separate" test scenarios that they could set up individually with various workstations:
1) Since they are using a third party virus package, they can remove the one from the VPN Client in case it might be conflicting. Have them find and delete the "vsdata.dll" file. This is the firewall library for the VPN Client. The VPN Client will not be able to use Stateful Firewall or any CPP policies but they probably aren't using them anyway. We have had issues with Trend Micro and this package before.
2) Connect up as you normally would and utilize the various applications through the VPN Tunnel. Instead of closing out normally, disrupt the connectivity between the workstation and Internet. This should NOT be done by unplugging the workstation directly. This would cause the interface to drop. What we want is a disruption of traffic with the interface still up. So it would be like unplugging the other side of a broadband router so that it still had link with the workstation but not with the Internet.
Then try a query with the various applications. There is a 90 second default window (set by the Peer Timeout in the VPN Client profile) before the VPN Client gives up on connectivity and brings the tunnel down. In one case let the VPN Client terminate and see how the applications behave.
In another case restore the Internet connection after 30 seconds so that it can recover. Observe how the applications behave.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...