The newer versions of the Cisco IOS allow you to add a compression algorithm to the transform set that defines how traffic is encrypted. After adding new crypto map entries at a client using this compression, other VPNs (using the original transform set that does not include compression) started getting odd errors. The VPN would stay up, but only small ping packets would get through. And different endpoints had different sized pings that would make it through. Eventually, I tried removing the crypto map entries using compression and the other problems disappeared. The lesson I learned from this was to not use a crypto map that mixes transform sets with compression and transform sets without compression.