Route traffic on vpn to another interface on an ASA 5510
Solution 1:
The best way to do this is to expand your encryption domain to include 192.168.3.0/24 (or just 192.168.3.X/32 for all necessary X).
For example, on your ASA 5510, you probably have an access-list like this:
access-list to-remote extended line 1 permit ip 192.168.2.0 255.255.255.0 192.168.200.0 255.255.255.0
Assuming your application lives on 192.168.3.5 and you want to give all of 192.168.200.0/24 access, for example, you'll want to add something like the following:
access-list to-remote extended line 2 permit ip host 192.168.3.5 192.168.200.0 255.255.255.0
Remember that you have to modify the encryption domain on the other side as well.