Our firewall currently blocks traffic destined for our VPN server based on TCP inspection.
Essentially data traverses the VPN to a server on a remote subnet but on return it routes to the firewall and then back to the VPN. However the ASA rejects this as it did not see the original SYN.
ICMP works okay.
How can I turn off this type of TCP inspection for specific subnets and data only.