I've experienced a similar problem where traffic can only go one direction on one tunnel. Here is part of what I did on the 506 to get around it.

1. Create an access-list 101, 102 for each remote site:

access-list 101 permit ip localnet remotenet1

access-list 102 permit ip localnet remotenet2

2. Create an access-list 103 to include all remote site (101 and 102):

access-list 103 permit ip localnet1 remotenet1

access-list 103 permit ip localnet2 remotenet2

3. Map each access-list to each SA:

crypto map mypolicy 10 match address 101

crypto map mypolicy 11 match address 102

4. Disable NAT on access-list 103:

NAT 0 access-list 103