I am running a dynamic VPN that establishes perfectly fine over NAT from a 5505 running 9.1 code to a 5515X running 9.1 code. The issue that I have is that only the first attempted network SA will establish. If the first packet from the remote is to a 172.x.x.x, an SA will establish to that and they will not be able to form an SA to the remote 10.x.x.x network. If the first packets from the remote branch are destined to the hub side 10.x.x.x, that SA will form and work, but they will never be able to form an SA to the 172.x.x.x remote network.
Configurations followed this guide exactly, with the exceptions of networks used, routes needed, no NAT statements not covered in the guide, etc.:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118652-configure-asa-00.html
Does anyone have any insight into what could be missing, or the ability to help diagnose?
Thanks all!!!!