Do you have users that use cell cards or tether their phones? That's really the only time we see this. Our company relies too heavily on mobile connections, so session roaming was pretty much a "must-have" for us.

Have you looked in the logs at the users' IP's to see what ISP's they may be using?

Several years ago I hit this with a ISP. They were cascading IPs. There routers were setup wrong they did not know until I sent in logs. They still denied it until I had my customers call and complain.

Is tehre a pattern which ISP it is?

THe ISPs can get more users without getting more IPs.

In addition to the ideas posed by others: when users log in, do you have a proxy they then need to connect through or does the access route to a different port? To rule out the launching of Network Connect as the problem (if they are not using cellular-based access points) if users don't launch Network Connect, does the issue happen? I've seen some instances where corporations/users have their DHCP timeout set to something low and will trigger this. This would also happen if the client DHCP lease renews during the session

We've seen this, reverse lookup identified Verizon as the ISP. The user claimed they were in a wired office environment rather than on 3/4G. We never did get to the bottom of it, but enabled roaming for them. The IP's weren't even remotely close either.