We have 100+ IPSEC VPN tunnels configured out to remote locations.  This is a new project - about six months old - and from the start, these tunnels would inexplicably drop.  Many times they would just restore themselves - sometimes in a few minutes, other times in a few of days.  We have had several cases where the tunnel drops, the interet still shows up after logging on to the provider's modem, but the only way to get them back up is to replace the provider's modem.  Configuration and modem type exactly the same.  Nothing appears to change on their end after the swap, but our tunnels immediately come up with the new "identical" modem.  In all these cases, we have been able to login to the provider modem and confirm the internet connection shows up (and we can ping it from the public network).  I.E. from telco's perspective, there is nothing wrong and it is working.

We get the following errors on the state of the connection while the tunnels are down (internet connection still good)

Branch-side ASA 5505 error on the tunnel:  AM_TM_INIT_XAUTH_V6C           

Core-side ASA 5510 error on the specific tunnel:  AM_TM_INIT_MODECFG_V6H

Some research has turned up some information about possible fragmentation issues caused by telco making changes to their network.  All of these problematic sites are over CenturyLink DSL.  We have cable sites that have experienced no problems, so it does seem to point at CenturyLink.  However, I've been around and around with them and can hopefully get more specific information here as to the cause and even more hopefully a resolution.

Thank you!