I've recofigured the VPN 5 times now and keep running into the same problem. I have a Cisco ASA 5510 connected via site-to-site VPN to a Sophos XG115. The Cisco side has 11 subnets and the Sophos has 1. The primary subnet on the Cisco does not send any traffic over the VPN. It gets decaps from the Sophos, but no encaps going the other way. The other 10 subnets on the Cisco side have no problems communicating back and forth. I have the NAT exempt rule set up and when I run packet tracer everything is allowed through. So I have no idea what to look at next. I've gone through line by line and removed every remnant of the VPN and then set it up again from scratch 5 times. Any help would be greatly appreciated.
So here is the newest running configuration. I created another VPN that I needed to get done this morning. Basically the same setup, Sophos XG115 to Cisco ASA 5510. I followed the same process as the other one except this one works perfectly.
I had to get the VPN done so I ended up recreating it again using a different subnet. Everything is working fine now. There must be something with the 192.168.12.0/24 subnet that was causing it not to work.
I found invalid SPI's being used. The workaround to reload the ASA brought the VPN back up and it's been solid for the last 48 hours. Hopefully the issue won't return otherwise I will need to find a way to update the ASA software or replace the ASA.
