This i my scenario but should match your environment pretty well.

192.168.40.0/24 = Main office (Site B)

192.168.50.0/24 = VPN Client Pool (Site A)

192.168.0.0/25 = External office (Site Customer)

Configured ipsec vpn client network (Site A) to external office that is a ipsec tunnel (Site Customer) terminating i network main office (Site B)

access-list acl_split_vpnclient standard permit 192.168.0.0 255.255.255.0

Configured to route traffic on same interface:

same-security-traffic permit intra-interface

Configured vpn client network (Site A) as a ipsec tunnel to (Site B):

access-list acl_vpn_malmo extended permit ip 192.168.50.0 255.255.255.0 192.168.0.0 255.255.255.0

Configured no nat rule for vpn client :

access-list acl_nonat_inside extended permit ip 192.168.50.0 255.255.255.0 192.168.0.0 255.255.255.0

Configured ipsec tunnel at external office (Site Customer) to main office for the vpn client network:

access-list acl_nonat_inside extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0

access-list acl_vpn_sthlm extended permit ip 192.168.0.0 255.255.255.0 192.168.50.0 255.255.255.0

C:\>ping 192.168.0.54

Skickar signaler till 192.168.0.54 med 32 byte data:

Svar från 192.168.0.54: byte=32 tid=22ms TTL=128

Svar från 192.168.0.54: byte=32 tid=21ms TTL=128