At the head end there is an ASA failover pair which forms an IPsec VPN tunnel to a remote ASA failover pair. We manage the remote side by going through the VPN from the head end.
The problem is that I cannot access the standby ASA at the remote side, because when my SSH or ICMP traffic gets to it, it thinks the return route is on its outside interface, which doesn't have a tunnel to travel on, and so it uses the public internet to try to get back, which is dropped.
I can access the standby at the remote site going through the public internet, but not through the VPN tunnel.
The question is: how can I get management traffic (ICMP, SNMP, logging and SSH) to come back over the tunnel from the standby firewall at the remote site?