ASA 5505 split tunneling enabled, still can't ping

cisco2012
Level 1

I set up a Cisco ASA 5505 for remote access, and a point-to-point to a colocation facility. Recently local LAN access was not working, so I configured the split tunnel access list. Local LAN access now works, but when connected to the VPN I still cannot ping anything on the opposite side of the tunnel. I could never ping anything on the other side. Can anyone look at my config and tell me what I have configured wrong? I'm also unsure about the order of the ACEs in my ACL. The main office is using 192.168.10.x. The VPN DHCP pool is 192.168.11.x. The co-location facility uses 192.168.4.x. Here is my config. Thanks in advance.


Let's rephrase:

You get an IP within 11.x, and you can ping a device in 10.x which is a network printer, but you can't ping other servers or devices in 10.x, correct?

What default gateway IP does the server you want to ping have?

Can you establish RDP instead of ping?

Your old NAT ACL statements still exist; can you please apply the changes in my first post? After that, wr mem and reload the device.

The gateway for the machines I'm trying to ping is 192.168.10.1. RDP works fine. I am unable to submit the commands you gave me:

access-list caliperwest_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0

because it tells me that the input is invalid starting at the second 192 address.

Here is the corrected one

no access-list CompanyX_splitTunnelAcl standard permit 192.168.11.0 255.255.255.240

no access-list CompanyX_splitTunnelAcl standard permit 64.x.x.x 255.255.255.0

no access-list CompanyX_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0

access-list CompanyX_splitTunnelAcl standard permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0

no access-list inside_nat0_outbound extended permit ip any 192.168.11.0 255.255.255.240

access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.240

no access-list inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0

Here is my review of the issue:

1) You can RDP into a 10.x server.

2) You can PING a device in 10.x.

3) But you can't PING the 10.x server.

What the above means is:

1) All VPN configuration is correct.

2) ICMP is permitted (inspect icmp).

3) The 10.x server most probably has software that blocks ICMP from any scope other than the 192.168.10.0/24 scope. Maybe servers get an exception rule for ICMP for the local subnet only via policy.

Don't forget to run the following after config changes:

clear xlate

clear arp

All Windows firewalls are disabled through group policy. I cannot ping any Windows box from my workstation over VPN. When I RDP into any box while on VPN, I can ping anything I want to. The signs point to VPN for me. Anyone else?

I finally got SSH configured and I tried to run the commands to change the split tunnel lists. It wouldn't let me do it because it said they were attached to certain group policies that needed to be removed first. At this point I'm gonna leave it as it is. Should this affect anything??? Everything seems to work except ping.

You should try to avoid using any in your no-NAT access list. Also, client VPN traffic is not defined in your interesting traffic. Try to add the following lines:

access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 192.168.4.0 255.255.255.0

no access-list inside_nat0_outbound extended permit ip any 192.168.10.0 255.255.255.0

no access-list inside_nat0_outbound extended permit ip any 192.168.11.0 255.255.255.0

no access-list inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0

access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0

access-list outside_1_cryptomap extended permit ip 192.168.11.0 255.255.255.0 192.168.4.0 255.255.255.0

Keep in mind you will also have to define the return traffic on the other side of the tunnel (colo facility), something like this (I don't have that config to look at, so I'm guessing):

access-list inside_nat0_outbound extended permit ip 192.168.4.0 255.255.255.0 192.168.11.0 255.255.255.0

access-list outside_1_cryptomap extended permit ip 192.168.4.0 255.255.255.0 192.168.11.0 255.255.255.0

Don,

Thanks for pointing out the issues that I already stated.

The issue is not the connectivity between the RA client and the colo facility; adding colo-facility-to-RA related config would only add confusion, and in any case the NAT statement shouldn't be issued into inside_nat0_outbound, since the colo facility is on the outside interface. A NAT exempt for the outside interface should be created.

"When I RDP into any box while on VPN, I can ping anything I want to."

The issue is getting weirder and weirder :) So you connect to the VPN, ping a server in 10.x, get no replies, RDP into that server successfully, and pings to that server start working?

"Should this affect anything??? Everything seems to work except ping."

Well, it shouldn't; it doesn't at the moment either, but just in case...

Enter the commands in the following order:

access-list CompanyX_splitTunnelAcl standard permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0

no access-list CompanyX_splitTunnelAcl standard permit 192.168.11.0 255.255.255.240

no access-list CompanyX_splitTunnelAcl standard permit 64.x.x.x 255.255.255.0

no access-list CompanyX_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0

Also can you please confirm my above question about PING? What VPN client version do you have? Below 5.0?
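As an added example (not from this thread or from Cisco), here is a small Python checker that models the two problems raised in the replies above: the split-tunnel ACE form the ASA rejected (a standard ACE takes a single network and mask, with no protocol or second network), and NAT-exempt entries that use any or miss one of the LAN, VPN pool and colo flows. The sample config lines are constructed, modelled on those posted in the thread; the audit and flow names are my own assumptions.

```python
import ipaddress
import re

# Constructed sample, modelled on the access-list lines discussed in this thread.
SAMPLE_CONFIG = """
access-list CompanyX_splitTunnelAcl standard permit ip 192.168.10.0 255.255.255.0 192.168.11.0 255.255.255.0
access-list CompanyX_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.11.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
"""

STD = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")
EXT = re.compile(r"^access-list (\S+) extended permit ip (any|\S+ \S+) (any|\S+ \S+)$")

def net(tok):
    """'any' -> None; 'addr mask' -> ip_network (ipaddress accepts a dotted mask)."""
    return None if tok == "any" else ipaddress.ip_network(tok.replace(" ", "/"), strict=False)

def parse(config):
    """Return (entries, problems); entries are (acl, src, dst), None meaning 'any'."""
    entries, problems = [], []
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        if m := STD.match(line):
            entries.append((m[1], None, net(f"{m[2]} {m[3]}")))
        elif m := EXT.match(line):
            entries.append((m[1], net(m[2]), net(m[3])))
        elif " standard permit " in line:
            # what the ASA rejected in the thread: a standard ACE is 'permit <network> <mask>' only
            problems.append(f"invalid standard ACE (single network/mask only): {line}")
        else:
            problems.append(f"unparsed: {line}")
    return entries, problems

def exempts(entries, acl, src, dst):
    """True if an ACE in acl with a concrete source covers the src->dst flow."""
    return any(a == acl and s is not None and src.subnet_of(s)
               and (d is None or dst.subnet_of(d)) for a, s, d in entries)

def audit(config, lan, pool, colo, nat0="inside_nat0_outbound"):
    """Flag 'any' sources and missing NAT exemptions for the three flows the replies list."""
    lan, pool, colo = (ipaddress.ip_network(n) for n in (lan, pool, colo))
    entries, problems = parse(config)
    problems += [f"{a}: source 'any' should be the real inside subnet"
                 for a, s, _ in entries if a == nat0 and s is None]
    for name, src, dst in (("lan->pool", lan, pool), ("lan->colo", lan, colo),
                           ("pool->colo", pool, colo)):
        if not exempts(entries, nat0, src, dst):
            problems.append(f"{nat0} does not exempt {name}")
    return problems
```

Running audit(SAMPLE_CONFIG, "192.168.10.0/24", "192.168.11.0/28", "192.168.4.0/24") lists the rejected standard ACE, the any source, and the two flows the sample NAT-exempt list does not cover.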

"The issue is getting weirder and weirder :) So you connect to the VPN, ping a server in 10.x, get no replies, RDP into that server successfully, and pings to that server start working?"

Answer: Yes. I connect to the VPN. No ping. Only while RDP'd into the remote box does ping work on the remote box, but still NOT from my machine to the remote box. Hope this clears things up.

My VPN client version is 5.0.01.0600.

I will have to revisit this on Tuesday after the holiday. Thanks to everyone for all your help. You guys are great.

"Only while RDP'd into the remote box does ping work on the remote box, but still NOT from my machine to the remote box."

Ahh, you mean the remote box can ping another box within the same subnet. When you have time, let me know and I will ask you to open ASDM syslogs and follow the logs being generated when you try to ping from your local machine to the remote box.
