Site2 is connected to other sites thru MPLS. SOC Log Collector and Network Management are configured to collect various logs from all the devices. They are able to collect logs from all the MPLS connected devices, no worries.

It is noteworthy that these machines are configured to collect data by polling the inside or the management interface of the Devices.

Site1 and Site2 are connected via S2S tunnel (10.230.0.0/16 on Site1, 10.0.0.0/8 on Site2), NAT Exempt is configured.

IP addresses :

10.230.1.130 Site1_ASA's inside Interface

10.177.172.81 is IP address of SOC Log collector.

Routing on Site1_ASA:

(removed route for outside, pointing to default gateway)
route inside 10.0.0.0 255.0.0.0 10.230.1.190 1
route management 10.0.0.0 255.0.0.0 10.230.2.254 10
route inside 10.230.0.0 255.255.0.0 10.230.1.190 1

IP Address on Site1 (Core Switch)

10.230.2.254 : Management

10.230.1.190 : Firewall to LAN

Routing on Core Switch:

Default route to 10.230.1.130 Firewall's inside interface.

I can't ping 10.230.1.130 or 10.177.172.81 from Site1_ASA (this is understood), but from Core Switch it is fine.

When the SOC tries to poll Site1_ASA, it does not work and I see a "106016 Deny Spoof from (10.230.1.130) to 10.177.172.81 on interface inside"  message