I have connected a remote office using an ASA 5505 to the main office, which uses an NSA 3500 Sonic Firewall. I was able to bring up the site-to-site VPN and can ping clients on each end. I was also looking at configuring VPN client access for employees who travel. The remote office behind the ASA has a backup domain controller to store the profiles, but the Exchange server is at the main office behind the Sonic Firewall. If I connect a VPN client to the ASA (remote office), the employees can pull their profile; however, they can't access the Exchange server. If they connect to the Sonic Firewall, then they can't pull their profiles. People at the main office and remote office have no problem accessing resources.
VPN Client (on the road) --> ASA 5505 (remote office) --> (site-to-site connection) --> Sonic Firewall (main office) --> Exchange server
I can ping VPN client to ASA.
I can't ping the Exchange server.
People at the remote office can access everything at the main office and vice versa.
Would this be correct behavior?