ASA-to-871w VPN Issues

miketranosky
Level 1

Hello,

I am having a bit of an issue with my site-to-site VPN. I am connecting an 871W at a remote location back to our corporate office ASA 5520. To this point, I have created a network object in the ASA for the remote network and a network group for the internal resources that will be accessible to the remote location. I also created a NAT rule with the source interface being our internal network and the destination interface being the outside interface, with the source being the network group of accessible resources and the destination being the network object for the remote location. I set up the site-to-site group policy and connection profile. We have another VPN set up exactly the same way that I used as the basis for all of my configuration, and all configurations match that other VPN with the exception of public IPs, VLANs, etc.

The issue I am running into is that the tunnel is able to establish (status is UP-ACTIVE), but I am having trouble pinging internal hosts through the tunnel. From the router itself in the remote location, I can ping the internal hosts on our corporate network from the access lists and ACLs, and from the ASA, using the Packet Tracer tool, I can see that it is allowed all the way from an internal resource (allowed) to the destination network. So it appears everything is working fine from the corporate office to the destination, and from the router back to the corporate office, but I cannot get from a host in the remote network past the router. So inside->out seems to work, and outside (from router)->in seems to work, but not remote client->VPN->corporate office.

I also notice that I am able to access the Internet on the remote systems, such as Google and MSN, but if I try to tracert or ping, the requests time out. Almost like split tunneling is forcing the tracert and ping through the tunnel and stopping at the gateway, but browsing works fine?

Any thoughts, ideas, or suggestions on places to start would be extremely helpful.

Thank you in advance.

Mike T.

1 Reply

miketranosky
Level 1

Hello,

Just to provide an update in the event that someone else stumbles across this and is curious: it ended up being a bad route in my 871W config. I was trying to route to my internal (corporate office) interface by using the WAN port of the 871W (remote), which obviously wouldn't work. The syntax that was removed was as follows:

ip route 192.168.1.0 255.255.255.0 FastEthernet4 2 permanent

The 192.168.0.0 255.255.0.0 was my internal interface on my ASA, and the FastEthernet4 was the WAN port of the 871W.

I deleted that route and left the default route and everything functioned as expected.

Thanks,

Mike T.
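The misconfiguration described in the reply above, turned into a check: a Python script (added here as an example; it is not the poster's configuration or anything from Cisco) that parses an IOS spoke configuration, collects the destinations protected by the crypto map's crypto ACL, and flags any non-default static route that covers one of those destinations but names an interface instead of a next-hop IP. The sample configuration is constructed, with the spoke LAN, hub LAN, interface names, crypto map name and addresses all assumed; the explanation of why such a route breaks traffic (IOS treats an interface-only static route on an Ethernet interface as directly connected and ARPs for each destination host on the WAN segment, so the packets never reach the ISP gateway or the crypto map) is standard IOS behaviour for interface-only static routes, not something the poster stated.

```python
"""Flag static routes on a Cisco IOS spoke that steer VPN-protected
destinations out the WAN by interface name (the misconfiguration in the
thread above).  Added example, not the poster's configuration; every
address, interface name and crypto map name below is constructed."""
import ipaddress
import re

# Constructed 871W-style fragment: spoke LAN 192.168.50.0/24, hub LAN
# 192.168.1.0/24, ISP gateway 203.0.113.9.  The last line is the kind
# of route the poster removed.
SAMPLE_CONFIG = """\
interface FastEthernet4
 description WAN uplink
 ip address 203.0.113.10 255.255.255.248
 crypto map VPN-MAP
!
interface Vlan1
 ip address 192.168.50.1 255.255.255.0
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 match address VPN-TRAFFIC
!
ip access-list extended VPN-TRAFFIC
 permit ip 192.168.50.0 0.0.0.255 192.168.1.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 203.0.113.9
ip route 192.168.1.0 255.255.255.0 FastEthernet4 2 permanent
"""


def _wildcard_to_network(addr, wildcard):
    """Convert an ACL 'address wildcard' pair to an IPv4Network."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def _acl_operand(tokens):
    """Consume one ACL address operand: any | host X | X WILDCARD."""
    tok = tokens.pop(0)
    if tok == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tok == "host":
        return ipaddress.ip_network(f"{tokens.pop(0)}/32")
    return _wildcard_to_network(tok, tokens.pop(0))


def protected_destinations(config):
    """Destinations matched by 'permit' entries of every extended ACL that
    a crypto map references via 'match address'."""
    acl_names = set(re.findall(r"^\s*match address (\S+)", config, re.M))
    dests, current = [], None
    for line in config.splitlines():
        m = re.match(r"ip access-list extended (\S+)", line)
        if m:
            current = m.group(1) if m.group(1) in acl_names else None
            continue
        if current and line.strip().startswith("permit"):
            tokens = line.split()[2:]          # drop 'permit' and the protocol
            _acl_operand(tokens)               # source operand, not needed here
            dests.append(_acl_operand(tokens))
    return dests


def check_static_routes(config):
    """Return (prefix, exit) for every non-default static route that covers a
    VPN-protected destination and names an interface instead of a next-hop IP.
    On an Ethernet WAN such a route makes IOS ARP for each remote host on the
    WAN segment, so the packets never reach the gateway or the crypto map."""
    findings = []
    dests = protected_destinations(config)
    for m in re.finditer(r"^ip route (\S+) (\S+) (\S+)", config, re.M):
        prefix = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        if prefix.prefixlen == 0:
            continue                            # the default route is the intended path
        next_hop = m.group(3)
        try:
            ipaddress.ip_address(next_hop)
            continue                            # next-hop IP: forwarding proceeds normally
        except ValueError:
            pass                                # an interface name
        if any(prefix.overlaps(d) for d in dests):
            findings.append((str(prefix), next_hop))
    return findings


if __name__ == "__main__":
    for prefix, via in check_static_routes(SAMPLE_CONFIG):
        print(f"suspect: ip route {prefix} via {via}; remove it and let the "
              f"default route carry the traffic into the crypto map")
```

Run against the sample, the script reports only the `192.168.1.0/24 via FastEthernet4` route; with that line deleted (the poster's fix) or rewritten with the ISP gateway as next hop, it reports nothing, since the default route, or a next-hop route, delivers the packets to the WAN interface where the crypto map matches them.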
