I've recently been rolling out some 5505 installs to a number of customer sites; one of them is exhibiting very strange behaviour.
When adding a LAN-to-LAN VPN (between an unlimited-user Security Plus device at the HQ and a 10-user base device at a remote office) the tunnel comes up fine, but when you add a NAT exception for the traffic to the HQ device everything goes crazy.
The remote device behaves fine; however, the HQ device starts to have loopy connection tracking and randomly starts rejecting traffic. Sanitised output attached... this was an ASDM refresh...
Local site is 192.168.16.0/24 and remote is 192.168.15.0/24.
It seems to be routing traffic so as to try to connect external traffic via the internal interface (the ACLs reject it).
Anyone got any ideas? The strange behaviour only starts when you add a NAT exception for traffic from the local subnet to the remote one.
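For reference, an added example of what a NAT exemption (identity NAT) for the two subnets named above would look like on the HQ ASA; this is not the poster's configuration. It assumes post-8.3 twice-NAT syntax, interface names `inside`/`outside`, and the object names shown.

```text
! Assumed object names; subnets are the ones from the post
object network LAN_HQ
 subnet 192.168.16.0 255.255.255.0
object network LAN_REMOTE
 subnet 192.168.15.0 255.255.255.0

! Identity NAT: HQ LAN to remote LAN is exempted from the interface PAT
! that would otherwise apply to Internet-bound traffic.
! route-lookup (8.4(2)+) makes the ASA pick the egress interface from the
! routing table instead of the interface pair named in the rule; without it
! a twice-NAT rule can steer traffic out the wrong interface.
nat (inside,outside) source static LAN_HQ LAN_HQ destination static LAN_REMOTE LAN_REMOTE no-proxy-arp route-lookup

! Pre-8.3 equivalent (nat 0 exemption), if the box still runs 8.2:
! access-list NONAT extended permit ip 192.168.16.0 255.255.255.0 192.168.15.0 255.255.255.0
! nat (inside) 0 access-list NONAT
```

Checking `show nat` and `packet-tracer input inside tcp 192.168.16.10 1025 192.168.15.10 80` on the HQ device shows which NAT rule and egress interface a flow actually hits.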