Remote Access VPN User cannot pass traffic over Site to Site VPN Tunnel

bored28
Level 1

Folks,

Good evening. My colleague and I have been trying to resolve this issue for the last few days and the solution is eluding us. Here is the setup:

We have a Cisco ASA 5525 that is supplying Remote Access VPN and is an endpoint for a site to site VPN. We'd like the users to be able to come over the remote access VPN and pass traffic over the VPN tunnel and hit a remote host at 172.30.1.115. We tried to get things to work where both the remote access VPN and the site to site were using the outside interface. After not being successful there, we decided to try assigning an interface for remote access and an interface for the site to site. Yet, here I am still stumped and frustrated.

Currently, we have a test laptop that is physically attached to the ASA that is NAT'd to the remote user network (10.180.0.0/14) which is able to ping the remote host at 172.30.1.115. We have remote user clients that are able to ping the test laptop and each other. However, the remote clients cannot ping the remote host and the test laptop cannot ping the remote clients.

I'm at my wits' end, so I'm hoping for a second set of eyes that might be able to point me in the right direction. At this point, I'll take anything that might help me get this thing going. Thank you in advance for any and all help.
:
ASA Version 9.8(1)
!
hostname vpngw
domain-name petrasystems.com
enable password $sha512$5000$Ng3laNARsSaxspkUMqYvDA==$rJ5pN75adP3G6KKjq07ViQ== pbkdf2
names
ip local pool 172.16.1.1 172.16.1.2-172.16.1.254 mask 255.255.255.0
ip local pool barbados-172-26-200-0 10.180.0.126-10.180.0.127 mask 255.252.0.0

!
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 67.132.xxx.xxx 255.255.255.248
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.26.201.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif if_remoteusers
security-level 0
ip address 65.118.xxx.xxx 255.255.255.240
!
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/5
shutdown
no nameif
security-level 100
no ip address
!
interface GigabitEthernet0/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet0/7
shutdown
no nameif
security-level 0
no ip address
!
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.7.1 255.255.255.0
!
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns server-group DefaultDNS
domain-name petrasystems.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network static_nat_67.132.xxx.xxx
host 67.132.xxx.xxx
description static nat to jumpbox
object network obj_Inside_Test_Nat
object network net_any
subnet 0.0.0.0 0.0.0.0
object network Bar_Net
subnet 192.168.10.0 255.255.255.0
object network net_JMEDN_1
subnet 172.30.1.0 255.255.255.0
description 172.30.1.0
object network net_JMEDN_2
subnet 172.30.50.0 255.255.255.0
description 172.30.50.0
object network CWD_PROD
subnet 172.26.200.0 255.255.255.0
object network NETWORK_OBJ_172.26.200.0_24
subnet 172.26.200.0 255.255.255.0
object network ncremoteusers
subnet 10.180.0.0 255.252.0.0
object network ncsupportnet
subnet 172.26.201.0 255.255.255.0
object network nctestlaptop
host 172.26.201.254
object network nat_nctestlaptop
host 10.180.0.254
object network 10.180.0.126
host 10.180.0.126
object-group protocol DM_INLINE_PROTOCOL_2
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object ip
protocol-object icmp
object-group protocol DM_INLINE_PROTOCOL_6
protocol-object ip
protocol-object icmp
object-group network netJMEDN
network-object object net_JMEDN_1
network-object object net_JMEDN_2
object-group service DM_INLINE_SERVICE_1
service-object esp
service-object udp destination eq isakmp
object-group protocol DM_INLINE_PROTOCOL_3
protocol-object ip
protocol-object esp
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object esp
service-object udp destination eq isakmp
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object esp
service-object udp destination eq isakmp
object-group network DM_INLINE_NETWORK_1
network-object object 10.180.0.126
network-object object ncremoteusers
access-list outside_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object-group netJMEDN
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any any
access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_3 any any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu if_remoteusers 1500
mtu management 1500
no failover
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 16384
nat (if_remoteusers,outside) source static ncremoteusers ncremoteusers destination static netJMEDN netJMEDN no-proxy-arp inactive
nat (outside,inside) source static ncremoteusers ncremoteusers destination static ncsupportnet ncsupportnet
nat (inside,outside) source static ncsupportnet ncsupportnet destination static ncremoteusers ncremoteusers
nat (inside,outside) source dynamic net_any interface inactive
nat (inside,outside) source static nctestlaptop nat_nctestlaptop destination static netJMEDN netJMEDN
nat (inside,if_remoteusers) source static nctestlaptop nat_nctestlaptop destination static netJMEDN netJMEDN
nat (inside,if_remoteusers) source static nctestlaptop nat_nctestlaptop destination static ncremoteusers ncremoteusers
access-group outside_access_out out interface outside
route if_remoteusers 0.0.0.0 0.0.0.0 65.118.77.129 1
route outside 8.12.xxx.xxx 255.255.255.255 67.132.xxx.xxx 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication login-history
http server enable
http 172.23.0.0 255.255.255.0 management
http 192.168.7.0 255.255.255.0 management
http 67.132.xxx.xxx 255.255.255.255 outside
http xxxx 255.255.255.255 outside
http xxxx 255.255.255.255 if_remoteusers
snmp-server location LAB
snmp-server contact user
snmp-server community *****
sysopt connection tcpmss 1379
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal barbados-1
protocol esp encryption aes
protocol esp integrity sha-1
crypto ipsec security-association lifetime seconds 86400
crypto ipsec security-association lifetime kilobytes unlimited
crypto ipsec security-association replay window-size 128
crypto ipsec security-association pmtu-aging infinite
crypto ipsec df-bit clear-df outside
crypto ipsec df-bit clear-df if_remoteusers
crypto ipsec inner-routing-lookup
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto map outside_map0 1 match address outside_cryptomap
crypto map outside_map0 1 set pfs
crypto map outside_map0 1 set peer 8.12.xxx.xxx
crypto map outside_map0 1 set ikev2 ipsec-proposal AES256
crypto map outside_map0 1 set ikev2 pre-shared-key *****
crypto map outside_map0 1 set security-association lifetime kilobytes unlimited
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface outside
crypto map map_remoteusers 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map map_remoteusers interface if_remoteusers
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=ciscoasa
keypair xxxxx
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate 0ceeea5a
308202d4 308201bc a0030201 0202040c eeea5a30 0d06092a 864886f7 0d01010b
0500302c 3111300f 06035504 03130863 6973636f 61736131 17301506 092a8648
86f70d01 09021608 63697363 6f617361 301e170d 31383035 30373136 34323436
5a170d32 38303530 34313634 3234365a 302c3111 300f0603 55040313 08636973
636f6173 61311730 1506092a 864886f7 0d010902 16086369 73636f61 73613082
0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 010100ae
d5de8bbe 0299a6f3 61892482 bebed3f6 c7b27d34 3a0d0e1b 6eeab969 ca2f510f
319a198e d0331fd6 cfbcc7a2 75e285c5 a014a3d2 f4b6b7cd 9b8d7ad1 919f461d
10dce8b6 1a2420fd 79871720 32baedb0 b93b1e12 628c6e83 850cc344 6e6ba943
32083e4e fade2bb5 0c82fc46 2f332a3f 0dc5c853 2594bfc1 dbf93b76 27c2a13e
04a0ac93 e56779e4 600efa21 601948a6 63cf0915 579c1d77 bdff991d a7b481ec
0fa74391 0ac03b0e cca5b9e4 b88d530f 7d561695 3906b29e 998c3f68 f678ff3c
05aa9994 20eb0863 2551deb7 b7d72a06 2e33d4c9 facd0884 e16f6aa0 a8c9d66b
1c0ba35e 6b27309a 5f4b37b2 7d37dde1 3f19ef02 11a54479 ebfe6157 be929b02
03010001 300d0609 2a864886 f70d0101 0b050003 82010100 0b64f2ad 41bf8318
ed87cb3a 90b1da5d 82d3f11c 164ec2a7 f6bb8948 799aefd1 b822688c 693e8d3d
e10f81b3 1d5afdf6 ee2ddc9b f7ac19de 4df24bbe 13bb8114 f0d333b2 434260bb
e5483355 79fbe25e 4774bbc6 16344a6c 060cdc2d 3604ce12 7913ab4d ee600b1d
357644bc 281ee1fd 8a751d20 4ebbd247 48e3cfca 15f3940a 8a974fa2 1db47f31
1012f268 59c3d54c 61c18daa ee8b3dca c0231b8f 7eb846d4 dd0400fe 5f313e22
9f9e19c5 6f2c40be 6c9c63f3 375327b1 ab4a3ac6 e07fb7f9 3ad82f3d 4af07fa4
17c8eac0 5076f238 6db37b56 c997326f 208251db ec65725a 657a13c2 e539080a
5339556e 5ff755d1 25d2fba1 b409e66d 152a16a4 fe8adb13
quit
crypto ikev2 policy 1
encryption aes-256 aes-192 aes 3des
integrity sha md5
group 5 2
prf sha md5
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-256
integrity sha256
group 2
prf sha256
lifetime seconds 28800
crypto ikev2 policy 20
encryption aes
integrity sha
group 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha md5
group 5 2
prf sha md5
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity md5
group 2
prf md5
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev2 enable if_remoteusers client-services port 443
crypto ikev2 cookie-challenge never
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 enable if_remoteusers
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 2
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 3
authentication pre-share
encryption des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 5
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet timeout 5
ssh scopy enable
ssh stricthostkeycheck
ssh 67.132.xxx.xxx 255.255.255.255 outside
ssh xxxx 255.255.255.255 outside
ssh 192.168.10.0 255.255.255.0 inside
ssh 172.26.201.0 255.255.255.0 inside
ssh xxxx 255.255.255.255 if_remoteusers
ssh 172.23.0.0 255.255.255.0 management
ssh 192.168.7.0 255.255.255.0 management
ssh timeout 30
ssh cipher encryption all
ssh key-exchange group dh-group14-sha1
console timeout 0
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd lease 300 interface inside
dhcpd option 3 ip 172.26.200.1 interface inside
!
dhcpd address 192.168.7.91-192.168.7.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 128.138.141.177 source outside prefer
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 inside
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
default-domain value petrasystems.com
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
default-domain value petrasystems.com
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
group-policy barbados-tg internal
group-policy barbados-tg attributes
dns-server none
dhcp-network-scope none
vpn-simultaneous-logins 100
vpn-filter none
vpn-tunnel-protocol ikev1 ikev2
group-lock value barbados-tg
pfs disable
default-domain none
secure-unit-authentication disable
address-pools value barbados-172-26-200-0
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-filter none
vpn-tunnel-protocol ikev2
dynamic-access-policy-record DfltAccessPolicy
username barbados password $sha512$5000$/BFZt0rF0e/S9i8YjuXB2Q==$DxhirnJXwjkoFTa9QMkJzw== pbkdf2
username administrator password $sha512$5000$yc4V6S/qxGCQZ9eWvbTTiA==$am32vzQqS444jid08NBvlg== pbkdf2 privilege 15
username jworosylo password $sha512$5000$iqlJSuUInGLdUiLsZr02dw==$XJIZkEheqrOjgYI6DEhYGQ== pbkdf2 privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool barbados-172-26-200-0
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
tunnel-group 8.12.xxx.xxx type ipsec-l2l
tunnel-group 8.12.xxx.xxx general-attributes
default-group-policy GroupPolicy1
tunnel-group 8.12.xxx.xxx ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group barbados-tg type remote-access
tunnel-group barbados-tg general-attributes
address-pool barbados-172-26-200-0
default-group-policy barbados-tg
tunnel-group barbados-tg ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:317e6f9b4bc39886c3dfc234c9a4de17
: end

Accepted Solution

Francesco Molino
VIP Alumni
Hi

I'll take the normal design where vpn users are arriving through your outside interface.
Your L2L is also built over outside interface.
You have 2 pools for vpn users. Let's assume you want to allow users within the pool 172.16.1.0/24 to communicate to remote vpn lan.

First you need to make sure the subnet 172.16.1.0/24 is allowed in your outside_cryptomap as source subnet.

You also need to make sure the remote end adds your pool subnet in their crypto map.

Then, you will need to have a nat statement:
nat (outside,outside) source static poolvpn poolvpn destination static netJMEDN netJMEDN

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


3 Replies


Thanks for the reply. We quadruple checked that we have the correct interesting traffic on both ends of the site to site tunnel. Per the nat, here is what we have:

nat (if_remoteusers,outside) source static ncremoteusers ncremoteusers destination static netJMEDN netJMEDN no-proxy-arp inactive
nat (outside,inside) source static ncremoteusers ncremoteusers destination static ncsupportnet ncsupportnet
nat (inside,outside) source static ncsupportnet ncsupportnet destination static ncremoteusers ncremoteusers
nat (inside,outside) source dynamic net_any interface inactive
nat (inside,outside) source static nctestlaptop nat_nctestlaptop destination static netJMEDN netJMEDN
nat (inside,if_remoteusers) source static nctestlaptop nat_nctestlaptop destination static netJMEDN netJMEDN
nat (inside,if_remoteusers) source static nctestlaptop nat_nctestlaptop destination static ncremoteusers ncremoteusers

So the problem turned out to be that the mask of the pool didn't match what was being sent over the site to site. Your simple solution above pointed me in the right direction and we're good. Thank you so much!
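The three steps in the accepted answer (pool subnet in the crypto ACL, mirrored on the peer, plus an identity NAT between outside and outside) and the root cause reported in the last reply (pool mask not matching what is sent over the tunnel) put together as one ASA configuration example. This is an added example, not configuration from the thread: the pool name RA_POOL, the object RA_POOL_NET and the test address 172.16.1.10 are assumed; netJMEDN, outside_cryptomap, the 172.16.1.0/24 pool and the peer 8.12.xxx.xxx come from the posted config and the answer.

```cisco
! Added example (not from the thread): hairpin RA VPN users in 172.16.1.0/24
! over the L2L tunnel to netJMEDN, with everything terminating on "outside".
! RA_POOL and RA_POOL_NET are assumed names.
!
! 1. The pool mask, the object used in the crypto ACL and NAT rule, and the
!    peer's proxy-ID must all describe the same subnet (here a /24). A pool
!    carved out of a larger mask gets a different proxy-ID than the peer expects.
ip local pool RA_POOL 172.16.1.1-172.16.1.254 mask 255.255.255.0
object network RA_POOL_NET
 subnet 172.16.1.0 255.255.255.0
!
! 2. Traffic enters and leaves on the same interface (U-turn), so
!    intra-interface forwarding must be permitted (already present in the post).
same-security-traffic permit intra-interface
!
! 3. Crypto ACL: the pool subnet is a source of interesting traffic for the L2L.
!    The peer must carry the mirror image (netJMEDN -> 172.16.1.0/24).
access-list outside_cryptomap extended permit ip object RA_POOL_NET object-group netJMEDN
!
! 4. Identity (exemption) NAT between the two outside legs so pool addresses
!    are kept when the packet re-enters the crypto map. no-proxy-arp stops the
!    ASA answering ARP for the remote nets; route-lookup uses the routing table.
nat (outside,outside) source static RA_POOL_NET RA_POOL_NET destination static netJMEDN netJMEDN no-proxy-arp route-lookup
!
! --- Verification (exec mode) ---
! Simulate an echo request from a pool address to the remote host; watch the
! NAT and VPN phases. A drop in the VPN phase usually means the traffic did
! not match the crypto ACL or the proxy-IDs negotiated with the peer.
packet-tracer input outside icmp 172.16.1.10 8 0 172.30.1.115 detailed
!
! Compare negotiated proxy-IDs: "local ident" must show 172.16.1.0/255.255.255.0
! and the peer's remote ident must use the same mask.
show crypto ipsec sa peer 8.12.xxx.xxx
!
! Confirm the identity rule is hit (translate_hits / untranslate_hits increment).
show nat detail
```

Order matters in the manual (section 1) NAT table: the identity rule must come before any dynamic PAT rule that would also match the pool traffic, and a rule ending in `inactive`, such as the first NAT line in the posted config, is not evaluated at all.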