As soon as I start ping a device in the destination network from the branche, the headquarter ping stops. Now I can access the destination network from the branche but no more from the headquarter. Only when I delete the traffic selection in the headquarter ASA and apply the settings everthing is back to normal: The ping from the branche stops and the ping from the headquarter starts again.
Since you do not have administrative rights on destination firewall, you cannot modify tunnel configuration.
So you include a permit traffic from branch to destination lan segment and similarly you permit from headquarter's side permit destination to branch lan segment i.e. tunnel bound traffic normally would.
This where the magic take place.
Your need a dynamic policy-nat on your ASA, as such below.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...