Hi,
a. I wasn't able to figure out what your internal network was.
b. I wasn't able to figure out the object-group and names configured in the ACL "NAT_nat0_inbound" used for NAT exemption
from the attached config.
For example:
If your internal network is 10.10.10.0/24 and you are assigning the address 192.168.1.x/24 for your VPN client pools then you would need a NAT zero statement like this.
access-list 100 permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 100
To answer your second question, if the remote plants are on your internal segment then with the NAT exemption and split tunnel configured properly, you should be good to go.
Let me know if this helps.
Note: If there are routers on your internal network, make sure the routers have an entry to forward the packets destined for 192.168.1.x towards the PIX. (according to my example)
Thanks
Gilbert
Rate it, if this helps.
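
Added example (not part of the post above and not a Cisco tool): a small Python check that parses PIX-style config text and confirms the ACL bound to `nat (inside) 0` permits traffic from the internal network to the VPN client pool. The sample config is constructed from the addresses in the post; ACL 101 and the function names are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample config, using the addresses from the example in the post.
# ACL 101 is an extra constructed entry that is NOT bound to a nat 0 statement.
SAMPLE_CONFIG = """\
access-list 100 permit ip 10.10.10.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 101 permit ip 10.10.20.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list 100
"""

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)\s*$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)\s*$")

def parse(config):
    """Return ({acl_name: [(src_net, dst_net), ...]}, {interface: acl_name})."""
    acls, nat0 = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = ACL_RE.match(line)
        if m:
            name, src, smask, dst, dmask = m.groups()
            try:
                pair = (ipaddress.ip_network(f"{src}/{smask}"),
                        ipaddress.ip_network(f"{dst}/{dmask}"))
            except ValueError:
                continue  # object-groups and names are not resolved here
            acls.setdefault(name, []).append(pair)
            continue
        m = NAT0_RE.match(line)
        if m:
            nat0[m.group(1)] = m.group(2)
    return acls, nat0

def is_exempt(config, interface, inside, pool):
    """True if the nat 0 ACL on `interface` permits inside -> pool traffic."""
    acls, nat0 = parse(config)
    inside_net = ipaddress.ip_network(inside)
    pool_net = ipaddress.ip_network(pool)
    for src, dst in acls.get(nat0.get(interface), []):
        if inside_net.subnet_of(src) and pool_net.subnet_of(dst):
            return True
    return False
```

ACL entries written with object-groups or names are skipped rather than guessed at, so a `False` result on such a config means "not proven exempt", not "definitely NATed".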