I understand what you're seeing - this is the same sort of activity I saw, but I was trying to attach to a RAIDUS server on the other end of the tunnell. Are you sure that your aaa-server is set to use the private interface (doesn't make sense but that's what I had to do) and that you have the "management-access" entry for your private network. The only other thing that was strange is that the traffic hit the remote authentication server from the internal interface of the remote asa, so I had to adjust my radius rules for that.
The other thing I have is both of the following, not sure if this affects anything or not but it problably does:
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface