vpn tunnel is up but cant ping server

hello i have a vpn tunnel setup to cisco asa 5506. tunnel is up . i cant ping the server behind the vyatta f/w.

from the vyatta side i can ping the cisco asa inside ip address. but not the switch behind it .

i opened a case with cisco tac and we were able to see the traffic passing over the tunnel. but after it gets decrypted by vyatta not sure what happens…


root@vyos# show vpn
ipsec {
esp-group ESP-1W {
lifetime 28800
mode tunnel
pfs dh-group5
proposal 1 {
encryption 3des
hash sha1
}
}
ike-group IKE-1W {
lifetime 86400
proposal 1 {
dh-group 2
encryption 3des
hash sha1
}
}
ipsec-interfaces {
interface eth0
}
nat-traversal enable
site-to-site {
peer 184.68.34.110 {
authentication {
mode pre-shared-secret
pre-shared-secret !P@ssw0rd!
}
default-esp-group ESP-1W
ike-group IKE-1W
local-address 199.29.222.114
tunnel 1 {
esp-group ESP-1W
local {
prefix 192.168.147.0/24
}
remote {
prefix 192.168.1.0/24
}
}
}
}
}

[edit]
root@vyos#