I have an ASA5505 at the remote end (ip base) with a server in the DMZ. DMZ is 10.102.1.0/24 and LAN is 172.16.0.0/16.
I have created a site-to-site tunnel from our network and can connect to 172.16.0.0/16 fine. I have also added to the crypto map to pass 10.102.1.0/24 traffic down the tunnel. I have also permitted outside - inside traffic to the DMZ from my LAN subnet.
I still can't ping the DMZ from my LAN - is this possible or am I missing something?
You should add conditional exempt NAT rules:
access-list dmz_nat0_outbound permit ip 10.102.1.0 255.255.255.0 yourlocallan netmask
nat (DMZ) 0 access-list dmz_nat0_outbound
access-list inside_nat0_outbound permit ip locallan netmask 172.16.0.0 255.255.0.0
access-list inside_nat0_outbound permit ip yourlocallan netmask 10.102.1.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
access-list outside_xxx_cryptomap permit ip locallan netmask 172.16.0.0 255.255.0.0
access-list outside_xxx_cryptomap permit ip locallan netmask 10.102.1.0 255.255.255.0