I have an ASA serving mostly as a data center firewall and as user remote access. I recently added a LAN2LAN IPsec tunnel to a temporary office. But I notice that the remote IPsec tunnel can not reach the spoke LAN.
So imagine home user with laptop 192.168.1.100 and he creates a split IPsec tunnel to the ASA whereby 10.0.0.0/8 is encrypted/tunneled.
No off of the ASA is a LAN to LAN tunnel to an office with IP block 10.10.70.0/24. How could the home user reach a device at the remote site on the 10.10.70.0 network? Is this possible?
There are mutliple examples even on the forums here.
First of all you need to allow U-turn on same interface of ASA (if you terminate crypto on one interface only).
same-security perm intra-interface
Following this you will need to allow remote-access subnet to go to the remote lan-to-lan subnets.
I'd also suggest to add reverse route injection to avoid routing problems on ASA.
Remember that also that remote l2l device will need to be adjusted (possibly nat, routing and access-list adjustments).