I ran into a similar issue.
Check your logs and look for "Dropped UDP DNS reply". If you are seeing this between the two endpoints then have a look at your inspect maps, and set the DNS inspect to 1024.
http://www.802101.com/poor-asa-site-to-site-vp...
Create a dynamic access policy, set the AAA attribute to match the username. Under the access/authorization policy attributes, select the Network ACL filters (client) and select the appropriate ACL.
Configure an access list to permit the VPN source network range (the IP ranges assigned to the client) to access the workstation over VNC
access-list VNC-Only extended permit tcp object-group VPN-Subnets object-group Mac-Workstation eq 5900.
Assign t...
Claudia & Tomas
Did you get this solved? I am having the exact same issue.
I have configured OOB addresses for the spine and leaf nodes, can ping them successfully from the server used for SNMP.
I have defined the SNMP contracts and it is applied.
...