Assuming that both are configured to recognize the other as peers (doing static IPSec tunnels rather than dynamic tunnels) it sounds like the access lists used to identify traffic for IPSec may not quite match each other. I would suggest that you compare both configs and look for something that does not match between the peers.
Yes ACLs not matching would be a common example of mismatch which could cause the assymetry that you describe. There is traffic that would be matched by the 10.1.0.0/16 that is not matched by either of the other statements. For example if there is traffic from 10.1.65.0 it would match the /16 but not the /20 or the /21. So if there is traffic from 10.1.65.0 it would activate from one side but not from the other.
It is always good practice for the ACLs to be mirror images of each other. Sometimes it will work when they do not match. But sometimes it does not.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...