This issue affects Mobile VPN clients that are located behind a router or firewall performing NAT. When the MUVPN establishes a connection to the Firebox, the NAT appliance assigns a source port for the allowed session. If the session on the NAT appliance changes the Source port, the MUVPN client negotiates a new VPN connection. The Firebox establishes the connection but when it attempts to delete the old SA for that MUVPN, the IKE process crashes.