Route traffic on vpn to another interface on an ASA 5510

Solution 1:

The best way to do this is to expand your encryption domain to include 192.168.3.0/24 (or just 192.168.3.X/32 for all necessary X).

For example, on your ASA 5510, you probably have an access-list like this:

access-list to-remote extended line 1 permit ip 192.168.2.0 255.255.255.0 192.168.200.0 255.255.255.0

Assuming your application lives on 192.168.3.5 and you want to give all of 192.168.200.0/24 access, for example, you'll want to add something like the following:

access-list to-remote extended line 2 permit ip host 192.168.3.5 192.168.200.0 255.255.255.0

Remember that you have to modify the encryption domain on the other side as well.