Tuesday, May 10, 2011
Simple Command to Prevent Lost VPN Packets
No more loss of packets over VPN.
If you find that your VPN packets aren't getting through your Cisco ASA or PIX security appliance, verify that you're using the appropriate sysopt connection permit command, which lets IPsec tunnel packets bypass the interface access control lists (ACLs) on the ASA or PIX. Unless you issue the appropriate command to allow IPsec tunnel packets through (or else manually set up your ACLs to specifically allow the traffic you want), these packets may fail.
In PIX/ASA version 7.0, use this command:
sysopt connection permit-ipsec
In PIX/ASA version 7.1(1) or higher, use this:
sysopt connection permit-vpn
Before version 7.0(1), these commands were disabled, so in that case you have to enable them explicitly with the following command:
pix(config)#sysopt connection permit-ipsec
securityappliance(config)#sysopt connection permit-vpn
The show sysopt command can help you see if the appropriate command is enabled.
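The alternative mentioned above, leaving the bypass off and permitting the tunnel traffic in the interface ACL yourself, looks like this on 7.1(1) or higher. This is an added example, not configuration from the original post; the ACL name OUTSIDE_IN, the interface name outside, and all addresses are assumptions.

```cisco
! Added example with constructed values (not from the original post):
!   remote protected network behind the VPN peer : 10.20.0.0/24
!   local server reachable through the tunnel    : 10.10.0.5
!   interface where the tunnel terminates        : outside

! Turn the ACL bypass off so decrypted tunnel packets are checked
! against the interface ACL like any other inbound traffic.
! (On version 7.0 the keyword is permit-ipsec instead of permit-vpn.)
no sysopt connection permit-vpn

! Permit only the flows the tunnel is meant to carry.
! Source is the remote protected network, destination the local host.
access-list OUTSIDE_IN extended permit tcp 10.20.0.0 255.255.255.0 host 10.10.0.5 eq 443
access-list OUTSIDE_IN extended permit tcp 10.20.0.0 255.255.255.0 host 10.10.0.5 eq 22

! Apply the ACL inbound on the tunnel-terminating interface.
! If an inbound ACL is already applied to this interface, add the
! permit lines to that ACL instead; only one ACL can be applied
! per interface and direction.
access-group OUTSIDE_IN in interface outside
```

With the bypass off, any tunnel traffic not matched by a permit line is dropped at the interface, so missing entries show up as the same lost-packet symptom the sysopt command is meant to cure.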