Greetings. We have a working site-to-site VPN running on two ASA 5510s. Both sites can be accessed from hosts on the internal networks; however, we are unable to access any services (like a TFTP server or CA), or even ping hosts in the remote site's network, from our local ASA 5510. It seems that the ASA is trying to send packets straight through the default gateway, bypassing the VPN tunnel. Any help would be very much appreciated.
P.S. We have checked the ACLs on both devices, so most likely this is not the problem.
Because you have not included the public IP of the outside interface in the crypto ACL, it is not going into the tunnel.
Add to the crypto ACL a statement where you define the outside interface's public IP as the source, and mirror that statement on the remote device.
Pls rate helpful posts
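
The change described in the answer above, written out as ASA configuration. This is an added example, not part of the original thread. The ACL name `CRYPTO_ACL`, the inside subnets and the outside addresses (taken from documentation ranges) are all assumptions; substitute the names and addresses from your own crypto map.

```cisco
! ----- Local ASA (assumed outside IP 203.0.113.1, inside 10.1.0.0/24) -----
! Existing entry (assumed): inside LAN to remote LAN
access-list CRYPTO_ACL extended permit ip 10.1.0.0 255.255.255.0 10.2.0.0 255.255.255.0
! Added entry: traffic the ASA itself sources from its outside interface
! (ping, TFTP, CA enrollment) toward the remote LAN
access-list CRYPTO_ACL extended permit ip host 203.0.113.1 10.2.0.0 255.255.255.0

! ----- Remote ASA (assumed outside IP 198.51.100.1, inside 10.2.0.0/24) -----
! Existing entry (assumed): mirror of the LAN-to-LAN entry
access-list CRYPTO_ACL extended permit ip 10.2.0.0 255.255.255.0 10.1.0.0 255.255.255.0
! Added entry: mirror image of the new local statement, so replies to the
! local ASA's outside address are also sent through the tunnel
access-list CRYPTO_ACL extended permit ip 10.2.0.0 255.255.255.0 host 203.0.113.1
```

After the change, `show crypto ipsec sa` on either device should list a security association whose local and remote identities match the new entry once the ASA sends traffic to the remote LAN. If the remote ASA translates its inside hosts, the replies to the outside address must also be covered by its NAT exemption, or they will not match the mirrored entry.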