Core issue
E-mail traffic is blocked over the VPN tunnel.
This issue happens when TCP/25 connections are established through the tunnel. However, after the 3-way handshake, the endpoint drops the session.
E-mail traffic gets blocked when the IOS Firewall's default session establishment and half-open session thresholds are still in use although the traffic demand on the network is much higher. This causes new sessions in excess of the thresholds to drop.
Resolution
In order to identify this issue, use these commands:
Hostname (config)# show ip inspect statistics
Hostname (config)# show ip inspect config
Once verified, add these commands in order to resolve this issue:
Hostname (config)# ip inspect max-incomplete low 800