Having a weird issue trying to get my RAVPN users to access resources at a remote site(corp). RAVPN users (192.168.11.x) can access resources at the main site, and the main site can access resources at the remote site(192.168.101.x), but when I try to setup the hairpin connection so the RAVPN users can hit the remote site, I get a weird error in the logs - "Routing failed to locate next hop for ICMP from Outside:192.168.11.x to Inside:192.168.101.x"
My thought here is that it's trying to access the remote subnet via the Inside interface as shown in the error above "Inside:192.168.101.x", as my understanding is that since that subnet is on the other end of a site to site VPN, it should be accessed via the outside interface.
Relevant sections of crypto map on main ASA:
crypto map Outside_map 1 match address Outside_cryptomap_1
access-list Outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_3 object Corp-subnet
object-group network DM_INLINE_NETWORK_3
network-object object VPN-network
object network VPN-network
subnet 192.168.11.0 255.255.255.0
description VPN Subnet
nat (Outside,Outside) source static VPN-network VPN-network destination static Corp-subnet Corp-subnet
nat (Inside,Outside) source static any any destination static VPN-network VPN-network
access-list Outside_access_in extended permit ip object VPN-network object Corp-subnet
access-list Outside_access_in extended permit ip object Corp-subnet object VPN-network
Any ideas what I'm doing wrong?