Good question. I've tested "Stateful Failover for IPSec" 12.3(11)T feature on my 3825 routers (with built-in crypto accelerator disabled as it doesn't support it) and didn't like this feature.
It is topology and interface dependent. It is HSRP-based. The HSRP can run on a LAN (i.e. ethernet) only. It is difficult to configure in "transit" topology with two interfaces, because it requires HSRP state to be coordinated between the two interfaces (with mutual tracking). So, it was designed for the "on-a-stick" topology. It reboots the entire Active device at switchover when something goes wrong with it. It doesn't support load-balancing. It's a pure Active-Standby model. Some IPSec features may not be supported, but nobody can tell you which ones.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...