Thanks for the explanation....let me explain you my senerio

inside host ip 10.10.10.2 (directly connected to inside network)which is static Nat to 172.168.10.2   

static (inside,outside) 172.168.10.2 10.10.10.2 netmask 255.255.255.255

Encrption ACL.

access-list vpnytraffic extended permit ip 172.168.10.0 255.255.255.0 192.168.10.0 255.255.255.0

if from other VPN peer host  traffic is initiated by 192.168.10.2 to 172.168.10.2  then in show crypto ipsec sa I can see the decrpt count are increaing but decrypt packet count are not increasing.that means return traffic is not working .?

I can ping the 10.10.10.2 from the firewall.

Network 172.168.10.0/24 and 192.168.10.0/24 are  routed to outside by default route .

Please let me know if I am missing any configuration step in this.

please get the following:

- packet-tracer input inside icmp 10.10.10.2  8  0  192.168.10.2

- cap capin interface inside match icmp host 10.10.10.2  host 192.168.10.2 

  cap asp type asp-drop match all

then  run a continuous ping from the VPN peer (192.168.10.2 to 172.168.10.2), and get "show cap capin" and "show cap asp"

please make sure that 10.10.10.2 has correct route 192.168.10.0 with the ASA inside interface as next-hop (gateway)

Hope this helps

------------------
Mashal Alshboul

Hi Mashal,

Thanks for the help ,issue has been resolved

what change was done to get it fixed 

Hi,
What was the change made?
Or else this discussion won't be complete.
I am also waiting for the resolution.