Have you denied the protected traffic from getting translated(nat)?
Might be the packets sent through the tunnel are translated and the server is not able to recognize the packets or do not have any route to the public ip in its routing table.
You can resolve the issue by giving "deny ..." for the procted traffic in the access list used in ip nat cli.
HTH,
Radhika