3714 Views, 0 Helpful, 7 Replies

VPN tunnel up but not passing traffic: pkts encaps 0 decaps 11

raidokuvarnet (Level 1)

Hello,

I have configured a site-to-site VPN between Linux and a Cisco ASA 5510. The tunnel is up, but traffic is not being tunneled (I cannot ping hosts from either site):

Crypto map tag: WAN_map, seq num: 2, local addr: 80.250.119.69

access-list WAN_cryptomap_2 extended permit ip 10.10.10.0 255.255.255.0 10.10.12.0 255.255.255.0
local ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.10.12.0/255.255.255.0/0/0)
current_peer: 80.235.86.212

#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 11, #pkts decrypt: 11, #pkts verify: 11
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0

local crypto endpt.: 80.250.119.69/4500, remote crypto endpt.: 80.235.86.212/4500
path mtu 1500, ipsec overhead 82, media mtu 1500
current outbound spi: 6C2FCCDC
current inbound spi : F6DCBDE6

inbound esp sas:
spi: 0xF6DCBDE6 (4141661670)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 1110016, crypto-map: WAN_map
sa timing: remaining key lifetime (sec): 27885
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000FFF
outbound esp sas:
spi: 0x6C2FCCDC (1815071964)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 1110016, crypto-map: WAN_map
sa timing: remaining key lifetime (sec): 27885
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Here is my running config: http://pastebin.com/0FSfbbHE
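As an added example (not part of the original post or Cisco's tooling), here is a small Python script that parses the counter lines from the `show crypto ipsec sa` output above and classifies each SA as idle, inbound-only, outbound-only or bidirectional. The sample text inside it is a trimmed copy of the output in this post; the function names and the hint strings are my own.

```python
import re

# Constructed sample: a trimmed copy of the `show crypto ipsec sa` lines in the
# post above (one crypto map entry). Real output lists several entries in a row.
SAMPLE_SA_OUTPUT = """\
Crypto map tag: WAN_map, seq num: 2, local addr: 80.250.119.69
  access-list WAN_cryptomap_2 extended permit ip 10.10.10.0 255.255.255.0 10.10.12.0 255.255.255.0
  local ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
  remote ident (addr/mask/prot/port): (10.10.12.0/255.255.255.0/0/0)
  current_peer: 80.235.86.212
  #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
  #pkts decaps: 11, #pkts decrypt: 11, #pkts verify: 11
  #send errors: 0, #recv errors: 0
"""

HEADER_RE = re.compile(r"Crypto map tag: (\S+), seq num: (\d+), local addr: (\S+)")
PEER_RE = re.compile(r"current_peer: (\S+)")
COUNTER_RE = re.compile(r"#pkts (encaps|decaps|encrypt|decrypt|verify|digest): (\d+)")
ERROR_RE = re.compile(r"#(send|recv) errors: (\d+)")


def parse_ipsec_sa(text):
    """Split `show crypto ipsec sa` output into one dict per crypto map entry."""
    entries = []
    cur = None
    for line in text.splitlines():
        m = HEADER_RE.search(line)
        if m:
            cur = {"map": m.group(1), "seq": int(m.group(2)),
                   "local_addr": m.group(3), "peer": None, "counters": {}}
            entries.append(cur)
            continue
        if cur is None:
            continue  # text before the first entry (interface header etc.)
        m = PEER_RE.search(line)
        if m:
            cur["peer"] = m.group(1)
        for name, value in COUNTER_RE.findall(line):
            cur["counters"][name] = int(value)
        for direction, value in ERROR_RE.findall(line):
            cur["counters"][direction + "_errors"] = int(value)
    return entries


def diagnose(entry):
    """Classify one SA by its encaps/decaps counters; returns a short keyword."""
    c = entry["counters"]
    encaps, decaps = c.get("encaps", 0), c.get("decaps", 0)
    if c.get("send_errors", 0) or c.get("recv_errors", 0):
        return "errors"
    if encaps == 0 and decaps == 0:
        return "idle"           # nothing matched the proxy ACL in either direction
    if encaps == 0:
        return "inbound-only"   # peer's traffic is decrypted, ours is never encrypted
    if decaps == 0:
        return "outbound-only"  # we encrypt, the peer never answers through the tunnel
    return "bidirectional"


HINTS = {
    "idle": "no interesting traffic; check routing and the crypto ACL",
    "inbound-only": "local traffic is not reaching this SA; run packet-tracer and "
                    "check NAT exemption order and earlier crypto map entries with "
                    "overlapping proxy IDs",
    "outbound-only": "peer is not sending back; check the peer's routing, NAT and ACL",
    "errors": "send/recv errors present; check MTU and the peer's SA state",
    "bidirectional": "traffic flows both ways",
}


def report(text):
    """One line per SA: map/seq, peer, counters, verdict and hint."""
    lines = []
    for e in parse_ipsec_sa(text):
        verdict = diagnose(e)
        c = e["counters"]
        lines.append(f"{e['map']} seq {e['seq']} peer {e['peer']}: "
                     f"encaps={c.get('encaps', 0)} decaps={c.get('decaps', 0)} "
                     f"-> {verdict}: {HINTS[verdict]}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SA_OUTPUT)))
```

Paste the full `show crypto ipsec sa` output into SAMPLE_SA_OUTPUT (or read it from a file) to get one verdict per crypto map entry; the encaps=0 / decaps=11 pattern in this post comes out as inbound-only.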

7 Replies

Rahul Govindan (VIP Alumni)

Looks like packets are not being encrypted on the ASA. Run a packet-tracer to simulate a packet through the ASA.

packet-tracer input Serv icmp <internal host> 8 0 <remote host> detailed.

Also, your identity NAT rules are below some of your port forwarding and static NAT rules. Try moving the order for the VPN NAT rules to the top so that there are no conflicts with other rules.

Packet tracer output:

Result of the command: "packet-tracer input Serv icmp 10.10.10.10 8 0 10.10.12.10 detailed"

Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in LAN2-network 255.255.255.0 WAN

Phase: 2
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd9414ae8, priority=0, domain=inspect-ip-options, deny=true
hits=855552, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=Servers, output_ifc=any

Phase: 3
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd9bde9c0, priority=70, domain=inspect-icmp, deny=false
hits=77065, user_data=0xd9bdd9a0, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=Servers, output_ifc=any

Phase: 4
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd94146c0, priority=66, domain=inspect-icmp-error, deny=false
hits=225387, user_data=0xd9413cd8, cs_id=0x0, use_real_addr, flags=0x0, protocol=1
src ip/id=0.0.0.0, mask=0.0.0.0, icmp-type=0
dst ip/id=0.0.0.0, mask=0.0.0.0, icmp-code=0, dscp=0x0
input_ifc=Servers, output_ifc=any

Phase: 5
Type:
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xd9bdfde8, priority=18, domain=flow-export, deny=false
hits=425531, user_data=0xd9bb0e70, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=Servers, output_ifc=any

Phase: 6
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (Servers,WAN) source static obj-10.10.10.0 obj-10.10.10.0 destination static LAN2-network LAN2-network no-proxy-arp route-lookup
Additional Information:
Static translate 10.10.10.10/0 to 10.10.10.10/0
Forward Flow based lookup yields rule:
in id=0xd94e3ec0, priority=6, domain=nat, deny=false
hits=94235, user_data=0xd94e3820, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=10.10.10.0, mask=255.255.255.0, port=0
dst ip/id=LAN2-network, mask=255.255.255.0, port=0, dscp=0x0
input_ifc=Servers, output_ifc=WAN

Phase: 7
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xd9afcb40, priority=70, domain=encrypt, deny=false
hits=95074, user_data=0x0, cs_id=0xd9369c70, reverse, flags=0x0, protocol=0
src ip/id=10.10.10.0, mask=255.255.255.0, port=0
dst ip/id=LAN2-network, mask=255.255.255.0, port=0, dscp=0x0
input_ifc=any, output_ifc=WAN

Result:
input-interface: Servers
input-status: up
input-line-status: up
output-interface: WAN
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

I see your problem now. The tunnel is established with the peer in crypto map seq 2:

Crypto map tag: WAN_map, seq num: 2, local addr: x.x.x.x

But your crypto map seq 1 has the same source and destination proxies. Return traffic tries to match against the first crypto map entry and establish a VPN, which is failing. You cannot have the same proxies for 2 tunnels, as the first is always matched for outbound traffic.

Try reversing the order of the crypto map entries or changing crypto map seq 1 to have mutually exclusive proxies.
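As an added example (my own code, not part of this reply or of the poster's configuration), the check described above can be automated: parse the crypto map entries and their ACLs, then report any later sequence number whose proxy ACL overlaps an earlier one, since the ASA walks the entries in ascending order and the first match wins. The poster's seq 1 entry is not shown on this page, so the sample config below reconstructs the situation with identical proxy ACLs and a placeholder peer address (192.0.2.1) for seq 1.

```python
import ipaddress
import re

# Constructed sample config, not the poster's pastebin: two crypto map entries
# toward different peers whose proxy ACLs are identical, which is the situation
# described in the reply above. 192.0.2.1 is a placeholder peer for seq 1.
SAMPLE_CONFIG = """\
access-list WAN_cryptomap_1 extended permit ip 10.10.10.0 255.255.255.0 10.10.12.0 255.255.255.0
access-list WAN_cryptomap_2 extended permit ip 10.10.10.0 255.255.255.0 10.10.12.0 255.255.255.0
crypto map WAN_map 1 match address WAN_cryptomap_1
crypto map WAN_map 1 set peer 192.0.2.1
crypto map WAN_map 2 match address WAN_cryptomap_2
crypto map WAN_map 2 set peer 80.235.86.212
"""

# Only the "permit ip <net> <mask> <net> <mask>" ACE form is parsed; "host",
# "any" and port-specific ACEs would need extra cases.
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
MATCH_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
PEER_RE = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)$")


def parse_config(text):
    """Return (acls, entries): acls maps ACL name -> [(src_net, dst_net)],
    entries maps (map_name, seq) -> {"acl": ..., "peer": ...}."""
    acls, entries = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            # ipaddress accepts dotted netmasks; strict=False tolerates host bits
            acls.setdefault(name, []).append(
                (ipaddress.ip_network(f"{src}/{smask}", strict=False),
                 ipaddress.ip_network(f"{dst}/{dmask}", strict=False)))
            continue
        m = MATCH_RE.match(line)
        if m:
            entries.setdefault((m.group(1), int(m.group(2))), {})["acl"] = m.group(3)
            continue
        m = PEER_RE.match(line)
        if m:
            entries.setdefault((m.group(1), int(m.group(2))), {})["peer"] = m.group(3)
    return acls, entries


def first_match(acls, entries, map_name, src_ip, dst_ip):
    """Seq number of the first crypto map entry whose ACL matches src->dst,
    walking entries in ascending seq order as the ASA does when it picks the
    tunnel for an outbound flow. None if no entry matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for name, seq in sorted(entries):
        if name != map_name:
            continue
        for s_net, d_net in acls.get(entries[(name, seq)].get("acl"), []):
            if src in s_net and dst in d_net:
                return seq
    return None


def find_shadowed(acls, entries):
    """List (later_seq, earlier_seq, earlier_peer) where an earlier entry in the
    same map already matches traffic the later entry's ACL wants, so the later
    tunnel never receives outbound traffic for that flow."""
    problems = []
    keys = sorted(entries)
    for i, later in enumerate(keys):
        later_aces = acls.get(entries[later].get("acl"), [])
        for earlier in keys[:i]:
            if earlier[0] != later[0]:
                continue
            earlier_aces = acls.get(entries[earlier].get("acl"), [])
            if any(ls.overlaps(es) and ld.overlaps(ed)
                   for ls, ld in later_aces for es, ed in earlier_aces):
                problems.append((later[1], earlier[1], entries[earlier].get("peer")))
    return problems


if __name__ == "__main__":
    acls, entries = parse_config(SAMPLE_CONFIG)
    for later, earlier, peer in find_shadowed(acls, entries):
        print(f"seq {later} is shadowed by seq {earlier} (peer {peer}); "
              f"reorder the entries or make the proxy ACLs mutually exclusive")
```

The check uses network overlap rather than equality on purpose: a seq 1 ACE covering a supernet of seq 2's networks would shadow it just as completely as an identical ACE.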

Hello,

This got me to ping my remote gateway Cisco -> Linux. But when I try to ping from Linux -> Cisco, I get a ping timeout.

Do you see encaps and decaps on both sides? Also, did you make the change to the identity NAT rules order as I mentioned earlier?

How do I move VPN NAT rules on top?

MANI .P (Level 1)

Can you share the debug?

ASA# debug crypto isakmp 127

ASA# logging on

ASA# logging console 7

regards,

Mani