We have a remote location with a PIX 506 that has a VPN tunnel back to an ASA5520 at headquarters. That remote PIX 506 also has a very basic VPN client setup enabled on it that I didn't implement.
Remote subnet: 172.16.50.0/24
Remote VPN client subnet: 172.16.253.0/24
Local (HQ) subnet: 192.168.1.0/24
So someone from the remote location will use the VPN client, connect to the PIX 506, and get an IP on 172.16.253.0/24. It can ping anything on 172.16.50.0/24 just fine but cannot hit anything on 192.168.1.0/24; 192.168.1.13 is what I need to get it access to specifically.
Same from the other side. From 192.168.1.0/24 I cannot see anything on 172.16.253.0/24. I assume I don't have the routing totally complete from what I can tell. I tried adding the following to our ASA5520:
route inside 172.16.253.0 255.255.255.0 172.16.50.3 1
172.16.50.3 is the PIX 506's inside IP and I can ping that fine from my workstation IP of 192.168.1.240. However, if I try to ping it from the ASA's IP of 192.168.1.23, it doesn't work.
I've attached some pared-down configs of both devices. MTY506E.txt is the remote PIX 506, of course, and the central HQ ASA is Hilliard_ASA_5520.txt.