
Site-to-Site VPN Assistance between ASA

Sihanu N
Level 1

Hi Experts,

Recently I have established a VPN connection between our Head Office and Branch Office ASA firewalls. But we are facing some issues, and one more requirement is still pending. Please find the attached config for your kind reference.

Issues facing

One-way ping issue: Branch Office to Head Office connectivity (LAN to LAN) is fine, but from Head Office to Branch Office LAN connectivity is not happening to a particular subnet (172.16.20.X). Pings from the remote subnets at the Branch Office to the Head Office subnets are fine, but pings from the Head Office LAN (172.16.10.X) to the Branch Office LAN (172.16.20.X) are not happening. From the HO ASA also it's not pinging.

New requirement to do

Only users at the remote subnet (172.16.20.X) should use the internet of the Head Office. The reason we are trying to implement this is that there is no proxy set at the Remote Office at the moment, so we would like to use the same proxy located in the HO LAN (172.26.10.X) for remote location users as well.

Any Help is appreciated.

Thanks and Regards,

Sihanu N


1 Reply

Jouni Forss
VIP Alumni

Hi,

Let's first take a look at your Encryption Domain. It states that the networks participating in the L2L VPN connection are

Head Office

  • 172.16.10.0/24
  • 172.16.60.0/24
  • 172.16.80.0/24
  • 172.26.0.0/16

Branch Office

  • 172.16.20.0/24
  • 172.36.0.0/16

The Branch Site is easy to check as it only has one local interface and all the source networks behind that interface. Your Crypto ACL and the NAT0 ACL match each other on the Branch Office site, so that should be fine. Also you don't have an internal interface ACL configured, so all traffic should be allowed.

On the Head Office it seems to me that you have not allowed the traffic to be initiated to the remote site network 172.16.20.0/24.

You can test this with "packet-tracer" on the Head Office ASA:

packet-tracer input inside tcp 172.16.10.100 12345 172.16.20.100 80

See if it gets blocked by the ACL.

Or you could simply allow all traffic from the Head Office local LAN networks to the Branch Office in the ACL:

access-list ACL-inside line 1 remark Allow traffic to L2L VPN

access-list ACL-inside line 2 permit ip 172.16.10.0 255.255.255.0 172.16.20.0 255.255.255.0

- Jouni
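The two checks Jouni walks through above (does every crypto ACL pair have a matching NAT0 entry, and does the inside interface ACL permit HO LAN to 172.16.20.0/24) can be automated against a saved config. This is an added example, not code from the thread or from Cisco; the ACL names L2L-CRYPTO, NAT0 and ACL-inside and the entries in HO_CONFIG are constructed around the subnets named in the thread, since the poster's attachment is not on the page.

```python
import ipaddress

# Constructed sample of Head Office access-list lines (not the poster's real config).
HO_CONFIG = """
access-list L2L-CRYPTO extended permit ip 172.16.10.0 255.255.255.0 172.16.20.0 255.255.255.0
access-list L2L-CRYPTO extended permit ip 172.16.60.0 255.255.255.0 172.16.20.0 255.255.255.0
access-list L2L-CRYPTO extended permit ip 172.26.0.0 255.255.0.0 172.36.0.0 255.255.0.0
access-list NAT0 extended permit ip 172.16.10.0 255.255.255.0 172.16.20.0 255.255.255.0
access-list NAT0 extended permit ip 172.16.60.0 255.255.255.0 172.16.20.0 255.255.255.0
access-list ACL-inside extended permit ip 172.16.10.0 255.255.255.0 172.16.60.0 255.255.255.0
access-list ACL-inside extended deny ip any any
"""

def _take_net(tokens):
    """Consume one ASA address spec (any | host A | A MASK) and return an IPv4Network."""
    t = tokens.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ipaddress accepts dotted netmasks ("172.16.10.0/255.255.255.0") directly
    return ipaddress.ip_network(f"{t}/{tokens.pop(0)}", strict=False)

def parse_acls(text):
    """Return {acl_name: [(action, src_net, dst_net), ...]} in configured order.
    Only plain 'extended permit|deny ip' entries are handled; others are skipped."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "extended" or tok[4] != "ip":
            continue
        name, action, rest = tok[1], tok[3], tok[5:]
        src = _take_net(rest)
        dst = _take_net(rest)
        acls.setdefault(name, []).append((action, src, dst))
    return acls

def missing_nat0(acls, crypto="L2L-CRYPTO", nat0="NAT0"):
    """Crypto ACL pairs with no identical NAT-exempt entry: that traffic would be
    NATed before it is evaluated against the crypto map and never enter the tunnel."""
    nat_pairs = {(s, d) for a, s, d in acls.get(nat0, []) if a == "permit"}
    return [(str(s), str(d)) for a, s, d in acls.get(crypto, [])
            if a == "permit" and (s, d) not in nat_pairs]

def acl_verdict(acls, name, src_ip, dst_ip):
    """First-match evaluation of an interface ACL; ASA denies when nothing matches."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src, dst in acls.get(name, []):
        if s in src and d in dst:
            return action
    return "deny"

if __name__ == "__main__":
    acls = parse_acls(HO_CONFIG)
    print("crypto entries without NAT0 twin:", missing_nat0(acls))
    print("ACL-inside 172.16.10.100 -> 172.16.20.100:",
          acl_verdict(acls, "ACL-inside", "172.16.10.100", "172.16.20.100"))
```

In the constructed sample the inside ACL returns "deny" for HO LAN to 172.16.20.0/24, which is exactly the symptom the one-way ping shows, and the 172.26.0.0/16 crypto entry has no NAT0 twin.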