Hi,
To my understanding, VPN Client filter lists are configured in the same way as any ASA interface ACL. You take into consideration only one direction of the traffic.
With L2L VPNs I think you need to configure the ACL so that every rule/ACE starts with the remote host's IP address.
If you have, for example, local host 10.10.10.10 and remote host 192.168.10.10,
opening SSH for both directions in the L2L filter ACL would be done the following way:
access-list L2L-VPN-FILTER remark L2L-VPN Filter ACL
access-list L2L-VPN-FILTER remark SSH from LOCAL to REMOTE
access-list L2L-VPN-FILTER permit tcp host 192.168.10.10 eq 22 host 10.10.10.10
access-list L2L-VPN-FILTER remark SSH from REMOTE to LOCAL
access-list L2L-VPN-FILTER permit tcp host 192.168.10.10 host 10.10.10.10 eq 22
So if the Client VPN works fine, the only thing preventing you from connecting to the remote host should be your normal interface ACLs for the interface you are connecting from on the local network behind the ASA, and its NAT rules. And possibly the remote host's firewall software.
- Jouni
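
The orientation rule in the reply above, as an added example that is not part of the original post: a small Python audit that reads L2L filter ACEs and reports which side may initiate each one, or flags an entry whose source is not the remote host. The function names are hypothetical, and the last sample line is constructed to show a mis-oriented entry.

```python
import ipaddress

def _take_addr(tok):
    """Consume one address spec (host X | any | ADDR MASK) from the token list."""
    head = tok.pop(0)
    if head == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    if head in ("any", "any4"):
        return ipaddress.ip_network("0.0.0.0/0")
    return ipaddress.ip_network(f"{head}/{tok.pop(0)}")  # address + netmask

def _take_port(tok):
    """Consume an optional 'eq PORT' qualifier; other operators are not handled."""
    if tok[:1] == ["eq"]:
        tok.pop(0)
        return tok.pop(0)
    return None

def audit_ace(line, remote_net):
    """Classify one filter ACE; remote_net is the far side of the tunnel."""
    tok = line.split()
    if tok[2:3] == ["extended"]:
        del tok[2]
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        return "skipped"                      # remark lines and anything else
    tok = tok[4:]                             # drop: access-list NAME action protocol
    src, sport = _take_addr(tok), _take_port(tok)
    dst, dport = _take_addr(tok), _take_port(tok)
    if not src.subnet_of(ipaddress.ip_network(remote_net)):
        return "misoriented: source is not the remote side"
    if sport and not dport:
        # Port sits on the remote side, so the local host is the client.
        # Cisco documents that such an ACE also admits traffic the remote
        # host sends from that source port to any port on the local host.
        return f"local-initiated (remote port {sport})"
    if dport:
        return f"remote-initiated (local port {dport})"
    return "all ports"

SAMPLE = """\
access-list L2L-VPN-FILTER remark SSH from LOCAL to REMOTE
access-list L2L-VPN-FILTER permit tcp host 192.168.10.10 eq 22 host 10.10.10.10
access-list L2L-VPN-FILTER permit tcp host 192.168.10.10 host 10.10.10.10 eq 22
access-list L2L-VPN-FILTER permit tcp host 10.10.10.10 host 192.168.10.10 eq 22
""".splitlines()  # last line is constructed: written interface-ACL style

if __name__ == "__main__":
    for ace in SAMPLE:
        print(f"{audit_ace(ace, '192.168.10.10/32'):45} {ace}")
```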