There seems to be an online help about hairpinning and the pix. Search for hair and you will get Default Gateway link to a page that comments on this.
Redirecting traffic out the same interface that received it is sometimes called hairpinning. Some devices, such as the PIX Firewall, do not support hairpinning.
I found my solution was related to the L2L: rules that were applied to the Public (Default) Filter. Seems that if the remote side had say the ACL to encrypt traffic from the remote network to any. I did this as I want the remote office to encrypt all traffic and send through my network vs allowing split tunneling. Then the L2L on the concentrator had to match. There are two L2L rules so the In would had to have a source of the remote network but the destination was any or the "Use the IP Wildcard mask" and the Out had to have the source as the Use the IP Wildcard mask and destination was the remote network.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...