We have a MPLS network, with a Cisco ASA 5505 in the data centre acting as the company firewall The ASA creates a Ipsec VPN tunnel to America to allow access to a server. We need all subnets in the MPLS to be able to access the servers through this VPN tunnel. In the exampe I have attached, Im just giving an example of 1 subnet (192.168.102.0/24). All Internet traffic is routing out correclty through the ASA, and this is shown in the logs. However, when I try to get access to the server over the VPN, it does not work. The ASA can ping the remote server fine. I have attached a shortened copy of the running config, and a diagram of the setup. In the crypto map of the firewall in America, do we have to add all remote subnets? When it was configured, it was only configured for 172.16.194.22/252.