3 things. You must allow traffic to enter/exit the same interface at the head office.
same-security-traffic permit intra-interface
You must then add the new traffic to the existing ACLs for the LAN-to-LAN VPN.
Head End
access-list xxx extended permit ip 10.10.12.0 255.255.255.0 192.168.14.0 255.255.255.0
Suboffice
access-list xxx extended permit ip 192.168.14.0 255.255.255.0 10.10.12.0 255.255.255.0
And also the nat 0 at the suboffice:
access-list nat0 extended permit ip 192.168.14.0 255.255.255.0 10.10.12.0 255.255.255.0
nat (inside) 0 access-list nat0
This is all possible via ASDM as well.
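
A consistency check for the ACL entries above, as an added example that is not part of the original post: it verifies that each crypto ACL entry on one peer has its mirror on the other and that the suboffice NAT exemption covers the tunnel traffic. The function names are hypothetical, `xxx` is the post's placeholder ACL name, and the sample configs are constructed from the lines in the post.

```python
import ipaddress
import re

# Handles only the subnet/mask form used in the post:
# access-list NAME extended permit ip SRC SRCMASK DST DSTMASK
ACE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
                 r"([\d.]+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")

def parse_aces(config, acl_name):
    """Return the set of (source, destination) networks permitted by acl_name."""
    pairs = set()
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if m and m.group(1) == acl_name:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            dst = ipaddress.ip_network(f"{m.group(4)}/{m.group(5)}")
            pairs.add((src, dst))
    return pairs

def audit(head_cfg, sub_cfg, crypto_acl="xxx", nat0_acl="nat0"):
    """Report crypto ACL entries without a mirror and tunnel traffic not exempt from NAT."""
    head = parse_aces(head_cfg, crypto_acl)
    sub = parse_aces(sub_cfg, crypto_acl)
    nat0 = parse_aces(sub_cfg, nat0_acl)
    problems = []
    for src, dst in sorted(head, key=str):
        if (dst, src) not in sub:
            problems.append(f"suboffice {crypto_acl} is missing {dst} -> {src}")
    for src, dst in sorted(sub, key=str):
        if (dst, src) not in head:
            problems.append(f"head end {crypto_acl} is missing {dst} -> {src}")
        if not any(src.subnet_of(n_src) and dst.subnet_of(n_dst) for n_src, n_dst in nat0):
            problems.append(f"suboffice {nat0_acl} does not exempt {src} -> {dst}")
    return problems

# Constructed sample configs built from the lines in the post.
HEAD_END = "access-list xxx extended permit ip 10.10.12.0 255.255.255.0 192.168.14.0 255.255.255.0"
SUBOFFICE = """\
access-list xxx extended permit ip 192.168.14.0 255.255.255.0 10.10.12.0 255.255.255.0
access-list nat0 extended permit ip 192.168.14.0 255.255.255.0 10.10.12.0 255.255.255.0
"""

if __name__ == "__main__":
    for problem in audit(HEAD_END, SUBOFFICE) or ["ACLs are consistent"]:
        print(problem)
```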