In some LAN-to-LAN scenarios, you may have a router behind the Cisco VPN Concentrator that is used to aggregate traffic from multiple networks. In such scenarios, routing issues can cause traffic not to reach end devices.
In addition to the normal LAN-to-LAN configuration, configure static routes on the VPN Concentrator for each internal network. For example, 10.1.1.0/24, 172.16.1.0/24 and 192.168.2.0/24. To avoid configuring individual routes on the VPN Concentrator, configure the tunnel default gateway as the router IP address. Then all the encrypted packets through the LAN-to-LAN tunnel are forwarded to the internal router. If the tunnel default gateway is not configured, three static statements need to be configured on the VPN Concentrator for the correct routing.
To configure a default tunnel gateway on the VPN Concentrator, go to Configuration > System > IP Routing > Default Gateways.