VPN to ASA from remote site with DDNS

shailen-tpnl
Level 1

Hi,

I am trying to find the best way to set up a VPN between a remote C800 series router and an ASA5505 at the headend. The remote router has a dynamic WAN IP and I want to be able to connect back down the tunnel to the router's LAN from the LAN at the ASA end. I have the remote router registering with DynDNS but can't get the ASA to use a domain name for the peer.

Thanks

Shailen

8 Replies

Ivan Martinon
Level 7

The only way your ASA will use hostnames for the VPN connection is when using digital certificates for IKE authentication, or if the connection is coming in via aggressive mode. That means that the use of a domain name for the peer under the crypto map is something the ASA does not support.
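The headend pattern this reply points at is a dynamic crypto map: the ASA has no `set peer` at all and accepts the IKE negotiation from whatever address the remote router currently has, so the DDNS name is never needed on the ASA side. The fragment below is an added illustration for this thread, not configuration posted by either participant, and it assumes ASA 8.4+ syntax (`crypto ikev1 ...`), 10.0.0.0/24 as the ASA LAN, 192.168.10.0/24 as the remote LAN and a placeholder pre-shared key; all of those are assumptions.

```cisco
! Headend ASA: accept an IPsec L2L peer whose WAN address is not known in advance.
! Added example, not from the thread. Subnets and key are placeholders.
object network HQ-LAN
 subnet 10.0.0.0 255.255.255.0
object network REMOTE-LAN
 subnet 192.168.10.0 255.255.255.0
! Interesting traffic and a NAT exemption for it
access-list L2L-CRYPTO extended permit ip 10.0.0.0 255.255.255.0 192.168.10.0 255.255.255.0
nat (inside,outside) source static HQ-LAN HQ-LAN destination static REMOTE-LAN REMOTE-LAN no-proxy-arp route-lookup
!
crypto ikev1 policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 enable outside
crypto ipsec ikev1 transform-set ESP-AES256-SHA esp-aes-256 esp-sha-hmac
!
! Dynamic map: no "set peer" line, so any source address may bring the tunnel up.
! "set reverse-route" injects 192.168.10.0/24 into the routing table while the SA is up.
crypto dynamic-map DYN-MAP 10 match address L2L-CRYPTO
crypto dynamic-map DYN-MAP 10 set ikev1 transform-set ESP-AES256-SHA
crypto dynamic-map DYN-MAP 10 set reverse-route
! Dynamic entries must carry the highest sequence number so static peers match first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic DYN-MAP
crypto map OUTSIDE-MAP interface outside
!
! Peers that match no named tunnel-group land in DefaultL2LGroup
tunnel-group DefaultL2LGroup ipsec-attributes
 ikev1 pre-shared-key <replace-with-psk>
```

Two caveats a practitioner should keep in mind. First, with main mode and a pre-shared key the only peer identity the ASA has is the source IP, so every dynamic peer authenticates with the same DefaultL2LGroup key; to give each remote its own credential you need aggressive mode with a group identity, or certificates, which is exactly the hostname-based authentication the reply above mentions. Second, a dynamic map only removes the need for a peer address on the receiving side: the ASA still cannot initiate, because it has no address to send the first IKE packet to, which is the limitation the rest of this thread runs into.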

Thank you for that feedback. So I have tried to set up an Easy VPN connection and have been able to use the reverse route feature to install a route on the ASA. This seems to provide me with connectivity in both directions; however, it seems to only work if the remote site initiates traffic first. Then the headend can communicate with the remote LAN. Can you please tell me how else I can achieve this, i.e. a VPN with the headend able to initiate traffic while the remote site is not using a static IP address?

Thanks

Shailen

Unfortunately, since the remote end has a dynamic IP address the central side will not be able to start the VPN connection; the one with the dynamic IP address is the one that has to do it.

From what I have seen, the remote client initiates the VPN session as soon as it boots up and the session will stay up for the configured idle time. When the tunnel is up the headend can only communicate with the remote LAN when traffic is initiated from the remote LAN. Communication is only available for a small period of time. The tunnel never goes down and the SAs are still present. I have set up the remote site to get NTP from the headend LAN so that there is always some traffic initiated from the remote device. This is a workaround until I can find a proper solution.
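The NTP trick described above works because any packet from the remote LAN toward the headend is interesting traffic for the tunnel. A more controllable way to generate the same kind of traffic on the remote router is an IP SLA ICMP probe sourced from the LAN interface, with ISAKMP dead-peer detection so the router notices a dead peer instead of holding stale SAs. The configuration below is an added example for this thread, not something either participant posted; it assumes Vlan1 is the C800's LAN interface, that 10.0.0.10 is a host on the ASA's LAN that answers ping, and that Easy VPN is running in network-extension mode so LAN-sourced traffic is tunnelled (all assumptions).

```cisco
! Remote C800: keep LAN-sourced traffic flowing through the tunnel every 30 s.
! Added example, not from the thread. Interface and target address are assumptions.
ip sla 1
 icmp-echo 10.0.0.10 source-interface Vlan1
 frequency 30
 timeout 2000
ip sla schedule 1 life forever start-time now
!
! Send ISAKMP keepalives every 10 s, retry every 3 s once the peer stops answering,
! so a dead tunnel is torn down and re-established rather than left with stale SAs.
crypto isakmp keepalive 10 3 periodic
```

`show ip sla statistics 1` shows whether the probes are being answered, and `show crypto ipsec sa` shows the encaps/decaps counters moving in both directions. This is still a keepalive, not a fix: if the tunnel stops passing traffic while the SAs remain up, the configurations the next reply asks for are what will reveal the underlying cause.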

OK, let me see if I got it right: when the remote end initiates the tunnel it can pass traffic fine, but then after a period of time the tunnel is not able to pass any more traffic, regardless of the fact that the tunnel shows up along with the SA active?

Yep, that is correct. When that happens I need to get onto the remote router and either clear the ISAKMP SA or try to do an extended ping to the headend.

Got it. Can you post the configs of both ends?

Yep, I will do as soon as I get back to my office.
