Hi everyone,  I have a 5550 ASA running version 8.2(1) which is being used to tunnel between sites and also serves as remote access server.   Anyconnect tcp/udp client traffic that is tunneled to other sites via site-to-site vpn fails.

I get these in the logs (either RST or SYN/ACK)

6    Nov 24 2010    12:06:48    106015    10.13.2.1    80    10.6.1.102    15996    Deny TCP (no connection) from 10.13.2.1/80 to 10.6.1.102/15996 flags RST ACK  on interface outside

ICMP traffic is ok as I can ping units in remote sites

10.13.0.0/16  being the remote site and 10.6.1.0/24 being the vpn client subnet

10.6.1.254 is another router connected to the same segment

Internet is being routed to another ASA on the same segment

I have run out of ideas can anyone shed some light ?

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ASA Version 8.2(1)
!
!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 22.33.44.55 255.255.255.192
!

interface GigabitEthernet1/0

nameif inside
security-level 100
ip address 10.6.1.249 255.255.255.0
!
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface

!

object-group network CANADA
network-object 10.6.0.0 255.255.0.0
!
object-group network UK

network-object 10.13.0.0 255.255.0.0

!
access-list nonat extended permit ip object-group CANADA object-group UK
access-list 113 extended permit ip object-group CANADA object-group UK

!

mtu outside 1500
mtu management 1500
mtu inside 1500
ip local pool AnyConnect_Pool1 10.6.1.101-10.6.1.199 mask 255.255.255.0
nat (inside) 0 access-list nonat
route outside 0.0.0.0 0.0.0.0 22.33.44.56 1
route inside 10.6.0.0 255.255.0.0 10.6.1.254 1
route inside 0.0.0.0 0.0.0.0 10.6.1.254 tunneled
!
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD

!

crypto map vpn 113 match address 113
crypto map vpn 113 set peer 100.200.100.200
crypto map vpn 113 set transform-set ESP-AES-256-SHA
crypto map vpn 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map vpn interface outside
crypto isakmp enable outside
crypto isakmp policy 20
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600

!
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-policy thqmtl_AnyConnect internal
group-policy thqmtl_AnyConnect attributes
wins-server value 10.6.4.10 10.3.4.10
dns-server value 10.6.4.10 10.3.4.10
vpn-simultaneous-logins 3
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
group-lock none
split-tunnel-policy tunnelall
default-domain value notimportant.com
vlan none
address-pools value AnyConnect_Pool1
webvpn
  svc keep-installer installed
  svc rekey time 60
  svc rekey method ssl
  svc ask none default svc
!
tunnel-group 100.200.100.200 type ipsec-l2l
tunnel-group 100.200.100.200 ipsec-attributes
pre-shared-key *
tunnel-group AnyConnect_SSL type remote-access
tunnel-group AnyConnect_SSL general-attributes
address-pool AnyConnect_Pool1
authentication-server-group LDAP
authentication-server-group (inside) LDAP
default-group-policy thqmtl_AnyConnect
tunnel-group AnyConnect_SSL webvpn-attributes
group-alias AnyConnect_SSL enable
!
: end