Typical net -> net VPNs don't allow ASL itself to see the remote subnet unless you also create host->net tunnels. A trick I use is to create a NAT rule that:
External_Int->remote_net/ALL->internal_int
This will take any traffic from the ASL itself bound for the remote subnet to use the internal interface which is then allowed over the VPN tunnel. I use this to push DNS proxy requests and SMTP proxy requests over the VPN.
I don't know if there is a security issue with doing this but it works nicely. I have a home user with his own domain but ISP blocks inbound SMTP. I MX for his domain and push it over the VPN to his server. Also serves to handle DNS traffic when my internal server is offline, secondaries over VPN to my main servers across the VPN.
This thread was automatically locked due to age.