There doesn't seem to be any NAT configuration in the config attached. Do you configure NAT exemption for traffic between DMZ and the other side of the VPN LAN? ACL also looks OK as you pretty much allow any traffic between the 2 subnets.
Thanks for the advice, but I don't think it would work:
1. Since I have "same-security-traffic permit inter-interface", NAT rules and exemptions are not in use.
2. ICMP works fine without NAT exempt.
Small update - I've tried to use the Cisco ASDM packet tracer to test a connection from one IP to another. As it shows, there are TCP and UDP drops in an ACL after routing and VPN lookup, but I don't have any idea what kind of ACL it can be. And ICMP traces fine.