I have set up a VPN for vendor access to HVAC equipment.
The profile is RCPS_Vendor
DHCP pool is RCPS_Vendor
Terminated to Outside int
These are the steps I took:
remote access, outside->psk(password), name RCPS_Vendors->local authen->Hoff_Vendor(password)->RCPS_Vendors 192.168.10.2-192.168.10.128->10.1.252.101/103->3DES SHA 2->3DES SHA->10.0.0.0/8 en split tunnel
The issue is the vendor needs ping to internal units, and his program will not connect to the units.
Modified config attached.
Thanks in advance.
If all of the internal units are one hop away from the ASA, then you could put that static route on each of those units. That would point them to the inside interface on the ASA. The ASA would use its default route to send traffic back to the VPN clients.
If the internal units are further inside your network and you are using a dynamic routing protocol, you can redistribute the static route to 192.168.10.0/24 on the next hop router (from the ASA) inside your network so that the default gateways of the internal units know where to send traffic destined for 192.168.10.0/24.
Since your remote clients are sending traffic through VPN tunnels I don't believe you need to add an ACL on the ASA to allow specific traffic from the VPN clients to the internal units.
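The two return-path options from the reply above, written out as an added configuration example (not taken from the attached config); the ASA inside address 10.1.252.1, the HVAC unit address 10.1.252.50 and the OSPF process number 1 are assumed placeholders, while the 192.168.10.0/24 pool and the 10.0.0.0/8 split-tunnel network come from the thread:

```cisco
! Option A: the HVAC units (or their directly attached L3 device) are one hop from the ASA.
! Point the VPN pool back at the ASA inside interface (10.1.252.1 is an assumed address).
! IOS syntax is shown; a unit that is only a host uses its OS's equivalent route command.
ip route 192.168.10.0 255.255.255.0 10.1.252.1

! Option B: the units sit deeper in the network behind a dynamic routing protocol.
! On the next-hop router from the ASA, hold the same static and redistribute it so every
! downstream default gateway learns 192.168.10.0/24 (OSPF process 1 is assumed).
ip route 192.168.10.0 255.255.255.0 10.1.252.1
router ospf 1
 redistribute static subnets

! The client side needs no change: the split-tunnel list already sends 10.0.0.0/8 into
! the tunnel, so only the reverse path inside the network has to be fixed.

! Verification on the ASA: simulate a unit's reply (10.1.252.50, assumed) toward a client
! in the pool; the output shows the egress interface and whether the VPN phase is hit.
packet-tracer input inside icmp 10.1.252.50 8 0 192.168.10.2 detailed

! Verification on the internal router: confirm the pool route exists and its next hop.
show ip route 192.168.10.0 255.255.255.0
```

If packet-tracer shows the reply leaving toward the default gateway instead of the outside interface with a VPN phase, the missing route is on that router, not on the ASA.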