We are in a similar situation, except we used a Cisco Concentrator for our VPN connections. We also have a PIX 515 for our internet usage. We have two different internet pipes, one for internet use and the other for remote access. We had a new 20MB fiber line installed, and decided to use it for our remote access users(and internet for the IT department... hehe). I HIGHLY recommend the ASA. Even though we ran into this issue, it is a SUPER perimeter security device. We just ran into this snag, but I'm SURE we will over come it. If I don't get it resolved by Monday morning, I'm going to call Cisco and have one of their CCIE 'Jedi' network guys get involved. I could have called them today because we have an agreement with them, but like all men, I'll sustain great stress, pain, and suffering before calling for help or asking for directions. lol
For some reason, Cisco products have always kind of reminded me of Unix.
A huge pain to get configured at times, but, once configured, you tend to forget about them, because they just work.
Anyway, good luck with this, sounds like an interesting if somewhat frustrating problem.
In my own tech world, I just got done fighting with Backup Exec, because it decided to go from 122 MB/min throughput to 1 MB/min throughput when backing up.
There was no apparent reason for the problem to occur, and what seems to have resolved the issue was upping the sync rate on the SCSI controller. I upped it to the maximum, versus what the tape drive manufacturer said it should be. Uggh.