I have an ASA5510 at a remote location. I used the IPSec VPN Wizard to configure Remote Access for the developers into the DMZ portion of the network, 192.168.100.0/24.
I can connect using both the latest Cisco client on Windows and using VPNC on my Linux box. A tunnel is created, I receive a valid IP within the 192.168.100.0 subnet and all looks great.
But when I attempt to ssh to one of the servers, the SYN packet times out. I can see the connection attempt to be established looking at the logs on the firewall.
There is no issue with the Linux servers themselves to which I am attempting to connect. I flushed iptables and even attempted to connect without any firewall rules. Still no dice.
I can post my running-config here if necessary.
Well, just make sure the desired ISAKMP policy on your firewall is at the top. This will decrease the negotiation time for Phase 1. Also make sure there is no fragmentation (MTU issues).
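One way to test the MTU point from the Linux VPN client, as an added example that is not part of the original thread: a binary search for the largest ICMP payload that crosses the tunnel with the Don't Fragment bit set. It assumes Linux iputils `ping`; the function names and the 500/1472 byte search bounds are choices made for this example.

```shell
#!/bin/sh
# Added example: find the largest DF-set ICMP payload that reaches a host
# behind the VPN. Assumes Linux iputils ping (-M do = set Don't Fragment).

# probe HOST SIZE -> exit 0 if one DF-set echo with SIZE payload bytes is answered.
# Kept separate so it can be swapped for a stub when testing offline.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST [LOW] [HIGH]
# Prints the largest payload size that passes; returns 1 if even LOW fails.
find_max_payload() {
    fmp_host=$1
    fmp_lo=${2:-500}
    fmp_hi=${3:-1472}          # 1500-byte Ethernet MTU minus 28 header bytes
    probe "$fmp_host" "$fmp_lo" || return 1
    while [ "$fmp_lo" -lt "$fmp_hi" ]; do
        fmp_mid=$(( (fmp_lo + fmp_hi + 1) / 2 ))
        if probe "$fmp_host" "$fmp_mid"; then
            fmp_lo=$fmp_mid            # this size fits, search upward
        else
            fmp_hi=$(( fmp_mid - 1 ))  # too big, search downward
        fi
    done
    echo "$fmp_lo"
}

# path_mtu PAYLOAD -> payload + 20-byte IPv4 header + 8-byte ICMP header
path_mtu() {
    echo $(( $1 + 28 ))
}

# Usage: sh mtu_probe.sh <address of a server in the DMZ>
if [ $# -ge 1 ]; then
    if payload=$(find_max_payload "$1"); then
        echo "largest DF payload: $payload bytes (path MTU $(path_mtu "$payload"))"
    else
        echo "no reply even at the smallest size: check reachability and ICMP filtering first" >&2
        exit 1
    fi
fi
```

A result below 1472 bytes means full-size packets need fragmenting somewhere on the path through the tunnel; a failure at the smallest size points at routing, NAT or access rules rather than MTU.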