We have the exact same problem but instead of the VPN software, we get it with connections to PIX 501's at remote offices.
The way I helped resolve this was by adjusting the keep alive as it keeps the tunnel alive but it's definately an unjustified workaround. There should be a more effective way of resolving this issue, I am sure you are fully aware of the downsides to the keep-alive resolution.
The only problem for us now is that the 515E at our central site now randomly reboots which causes the remote users and offices to disconnect. I haven't bothered posting on here regarding it because you'll never get a response however it is VERY annoying as it happens around 5 times a day (the log doesn't really show anything inparticular that will help).
Another thing I might also suggest is upgrade the PIX to version 7.2(1), this may resolve your issue.
Hope this helps, please let me know if you somehow manage to resolve it properly so that I can look into it. Hopefully it will relate or at least give me a clue to resolving my problem.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...