i spoke for a friend which problem i heard in the last days.
he installed a new location and the vpn is woking well, from the cleints in the local lan he can connect the tftp server in the headquater. but when he is on the asa via ssh (connected to the internal IP) he can't connect the tftp. a traceroute routed him directly to the WAN and not into the vpn tunnel..
he configred this asa that very traffic should go into the vpn tunnel.
But from the asa itself he do it not and can't reach the tfp in the headquater.
The ASA uses an access list to identify traffic that should be protected by IPSec and sent through the VPN tunnel. The symptoms that you describe sound like that traffic generated by the ASA itself (TFTP from ASA to headquarters) is not included in that access list. If he wants the TFTP traffic from the ASA to go through the VPN tunnel he should add an entry in that access list which permits TFTP from the ASA to the server.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...