ASA 5505 IPSEC VPN Client problem from some remote sites - bizarre

[clumsymonkey]

Having a bizarre issue that's beyond my knowledge. I configured the ASA 5505 for an IPSEC tunnel. Regardless of what remote site a user tunnels into, the tunnel comes up, both PHASE 1 and PHASE 2. From some sites, the user can successfully ping the office network resources behind the ASA, but for others, from troubleshooting, it seems traffic from the remote end can reach the office network resources, but the the office network resources cannot get past the ASA and not reach the remote end. Logging is no help as I cannot see any traffic dropped by the firewall. It's bizarre as some sites work - where traffic is bi-directional over the tunnel, and others do not, but for those remote sites where it doesn't work, the problem looks like behind the ASA - where traffic is one-way over the tunnel.



Has anyone seen this before? And advise a corrective action?

 

[ADB100]

Sounds like routing at the central site. What routers/layer-3 switches are between the hosts and the ASA?