I am bringing up a new 5520 and have run into a problem with asymmetric routing. Without going into a ton of detail, let's say we are using 10.0.1.0/24 for our address pool for remote VPN clients. One of them wants to connect to 10.0.2.2. That results in this connection state as shown by 'show connection all detail':
TCP outside:10.0.1.1/59200 outside:10.0.2.2/80 flags SaAB
Due to our routing configuration, the response traffic is going to come in to the "inside" interface of the ASA and as a result it gets dropped:
%ASA-6-106015: Deny TCP (no connection) from 10.0.2.2/80 to 10.0.1.1/59200 flags SYN ACK on interface inside
Is there any way to relax this check somehow? This setup worked fine on our older VPN3000 concentrators.
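The symptom described above can be confirmed from collected output by correlating the connection table with the 106015 denies. This is an added example, not part of the original post: it flags a deny only when the packet belongs to a connection the ASA already tracks but arrived on a different interface. The function names and the 10.0.3.9 log line are constructed for illustration, and the regexes assume the two line formats quoted in the post.

```python
import re

# Line formats follow the two lines quoted in the post; other ASA output variants are not handled.
CONN_RE = re.compile(
    r"^(?:TCP|UDP)\s+(\S+?):([\d.]+)/(\d+)\s+(\S+?):([\d.]+)/(\d+)\s+flags\s+(\S+)")
DENY_RE = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from ([\d.]+)/(\d+) "
    r"to ([\d.]+)/(\d+) flags (.+?) on interface (\S+)")

def parse_conns(text):
    """Return {(sender, receiver): interface the ASA recorded for the sender}."""
    table = {}
    for line in text.splitlines():
        m = CONN_RE.match(line.strip())
        if m:
            if_a, ip_a, port_a, if_b, ip_b, port_b, _flags = m.groups()
            a, b = (ip_a, int(port_a)), (ip_b, int(port_b))
            table[(a, b)] = if_a
            table[(b, a)] = if_b
    return table

def find_asymmetric(conn_text, log_text):
    """Flag 106015 denies that match a tracked connection but arrived on another interface."""
    table = parse_conns(conn_text)
    findings = []
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue
        src_ip, sport, dst_ip, dport, flags, ifc = m.groups()
        expected = table.get(((src_ip, int(sport)), (dst_ip, int(dport))))
        if expected is not None and expected != ifc:
            findings.append({"src": f"{src_ip}/{sport}", "dst": f"{dst_ip}/{dport}",
                             "flags": flags, "expected_if": expected, "arrived_if": ifc})
    return findings

# The connection line and first deny are quoted from the post; the 10.0.3.9 deny is constructed.
CONNS = "TCP outside:10.0.1.1/59200 outside:10.0.2.2/80 flags SaAB\n"
LOGS = (
    "%ASA-6-106015: Deny TCP (no connection) from 10.0.2.2/80 to 10.0.1.1/59200 flags SYN ACK on interface inside\n"
    "%ASA-6-106015: Deny TCP (no connection) from 10.0.3.9/443 to 10.0.1.7/40000 flags RST on interface inside\n"
)

if __name__ == "__main__":
    for finding in find_asymmetric(CONNS, LOGS):
        print(finding)
```

A deny with no matching connection entry, like the constructed second line, is left out because it is an ordinary stateful drop rather than evidence of a return path entering on the wrong interface.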