Cisco VPN :: 2911 Remote Office With Dual ISP And EZVPN

I am attempting to get a solid setup for a remote office we have going up and I am running into little issues that I cant seem to get around.
 
Basically, we have a remote office that will have dual ISPs, one hard wired circuit from a local carrier and the other will be a Verizon 4G router that plugs in via Ethernet and hands out DHCP to my Cisco router.The Cisco router is a 2911 with IP SLA configured.  I have it setup to ping my DC out one interface and if that fails, it removes the default route and injects a new default route from the other ISP,
 
The problem I am having is with the VPN.  I figured using EZVPN would be the only solution because the Verizon 4G only supports DHCP so I have to be able to connect from a dynamic remote host.  The other caveat is that failover needs to be seamless as we have no person onsite that can troubleshoot.  Its fine if it takes a few minutes, but the VPN just needs to come back up on its own without any intervention.
 
I attempted to setup two different EZVPN crypto maps on the router but realized you can only have one inside cryptomap per interface, which would cause a problem with the internal network.  I thought I could just create subinterfaces off the router to have two inside interfaces to work with but that wouldnt have supported because they would now be on different subnets.
 
I decided that adding an ASA5505 behind the router may be the simplest solution.  Use the router only for the purpose of handling routing between the two ISPs and performing NAT out the interfaces.  Then use the ASA to do EZVPN from.  This works well but there are some issues I am trying to work through.
 
First, when the ISP fails over to the backup, the NAT translations have to timeout before things start working again.  For a constant ping, this is fine, I have the timers set down to 15 seconds for NAT timeouts and after 15 seconds the ping picks right back up again.  However, this breaks the EZVPN.  The ASA keeps trying to bring up the ISAKMP nearly every second, which keeps resetting the countdown on the NAT timeout for the remote EZVPN server.  Because of this, the VPN will never come up until I manually clear the NAT translations on the router.  So my first question is this; is there a way to adjust the timer that the VPN uses to try to bring the tunnel up?  I tried the crypto isakmp keepalive command but that didnt work, it looks like it doesnt work with EZVPN.
 
The second issue is really with the IP SLA and is only an issue because of the first issue I mentioned.  When the router first comes up after a reboot, both the primary and secondary interfaces come up.  However, since the primary default route is only injected into the routing table once IP SLA is up and can reach its destination, the secondary route gets injected initially and the VPN comes up over the secondary ISP.  In a few seconds, the primary default route is injected, changes the path and because of the NAT translation, breaks the tunnel and never comes up again because of the first issue with the VPN tunnel renewing the NAT translation continuously. 
 
I could easily go out and purchase a $100 Linksys router that will do the failover and clear its NATs and everything, but I need better reliability out of the hardware than that.  There has got to be a way to do this on a Cisco device since consumer level equipment can.