From FW4 you are pinging on same subnet. Servers know about the local address (FW4 inside address which the ping comes from) via ARP - no routing involved.
When you try to reach other than server 4 via VPN, the servers see remote traffic form a non-connected network (192.168.2.0/24) and reply via their default gateway (FW 1/2/3). Those FWs need a static route inside to FW4 for the VPN pool otherwise they will send return traffic out their default gateway (normally outside).
That's correct Marius - host routes are also an option.
I tend not to recommend them except as a last resort since they don't sacle as well. Many sys admins ae unfamiliar with them and they're not immediately apparent to anyone who comes along later and tries to troubleshoot.
You cannot ping VPN clients from the firewall itself because the clients are seen as on the outside interface routing-wise and thus the fw will originate traffic to them using the outside interface address which won't work with the VPN encapsulation.
Can you share the configs from FW4 and one of the others for us to look over? You can also try a host route as Marius suggested.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...