The configuration looks good to me. The 'recycle delay' feature only keep the ip address unallocated for the specified time period, To my knowledge we can not guarantee the assigment of the same IP with this feature.
Regarding the communicaion timeout issue, you can check the following things
1. While the is client connected to VPN, initiate a communincation to your internal network, and see whether you are getting
'decap' counter getting incremented in show 'crypto ipsec sa ' for that specific client IP
If the decap counter getting incremented, that says, the traffic is reaching your router and doing IP sec decryption but not properly processing after that due to some reason.
If the decap counter not increasing, you can do a reverse ping from the router to the client IP with source address of your LAN interface, then can notice 'encap' counter incresing but no decapsulations..
In that scenario, I would say the issue is local to the client and you may need to change the VPN client version and see
Thank you for the respond. I will perform the troublshooting steps you provided next time I hear about the issue from my users and I will post the results.
Thank you for review my config though. It is good hear that I haven't miss configured anything here.