09-16-2011 07:26 AM
Hi dears
I have a problem with the VPN Client.
As you see in the picture, my VPN Client can connect to the ASA.
The ASA is able to ping PC-3.
PC-2 is able to ping PC-3.
But PC-1 cannot ping PC-3.
Can someone help me, please?
This is my ASA config:
.......
interface Ethernet0/0
nameif Outside
security-level 0
ip address x.x.x.1 255.255.255.1
NO SHUT
exit
interface Ethernet0/3
nameif Inside
security-level 100
ip address 10.10.10.20 255.255.255.0
NO SHUT
exit
access-list 100 extended permit icmp any any
access-list Inside_nat0_outbound extended permit ip 20.20.20.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip 10.10.10.0 255.255.255.0 10.10.10.0 255.255.255.0
ip local pool GSM 10.10.10.150-10.10.10.250 mask 255.255.255.0
nat (Inside) 0 access-list Inside_nat0_outbound
access-group 100 in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.2 1
route Inside 20.20.20.0 255.255.255.0 10.10.10.1 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group2
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
policy-map global_policy
class inspection_default
inspect icmp
group-policy GSM internal
group-policy GSM attributes
vpn-tunnel-protocol IPSec
username test password test privilege 0
username test attributes
vpn-group-policy GSM
username MGMG password MGMG privilege 15
tunnel-group GSM type remote-access
tunnel-group GSM general-attributes
address-pool GSM
default-group-policy GSM
tunnel-group GSM ipsec-attributes
pre-shared-key 1234
same-security-traffic permit intra-interface
09-19-2011 10:52 PM
Hi Saeed,
As a good practice, please keep your IP pool for the VPN client different from the internal network; this causes a routing issue. To resolve your issue, try this:
Change the pool on the ASA for the VPN client as:
ip local pool GSM 172.16.1.1-172.16.1.254 mask 255.255.255.0
On the router, add the following route:
ip route 172.16.1.0 255.255.255.0 10.10.10.20
Default gateway on PC3 should be 20.20.20.1
Connect the VPN client, ping PC3.
Hope this helps,
Sian
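The overlap described in the reply above (a VPN address pool carved out of the Inside subnet) can be checked mechanically before a config is deployed. The following is an added example, not part of either post: it reads the `ip address`, `route` and `ip local pool` lines of an ASA config and reports every pool that collides with a connected or statically routed network. The sample config is constructed from the lines in the question, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the config in the question.
SAMPLE_CONFIG = """\
interface Ethernet0/3
 nameif Inside
 ip address 10.10.10.20 255.255.255.0
ip local pool GSM 10.10.10.150-10.10.10.250 mask 255.255.255.0
route Inside 20.20.20.0 255.255.255.0 10.10.10.1 1
"""

IFACE_RE = re.compile(r"^\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)", re.M)
ROUTE_RE = re.compile(r"^route (\S+) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) ", re.M)
POOL_RE = re.compile(r"^ip local pool (\S+) (\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)", re.M)


def local_networks(config):
    """Connected and statically routed networks (default route skipped)."""
    nets = []
    for addr, mask in IFACE_RE.findall(config):
        nets.append(("connected", ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    for iface, dest, mask in ROUTE_RE.findall(config):
        net = ipaddress.ip_network(f"{dest}/{mask}")
        if net.prefixlen > 0:
            nets.append((f"route via {iface}", net))
    return nets


def pool_overlaps(config):
    """Return (pool name, source, network) for every pool that collides."""
    findings = []
    nets = local_networks(config)
    for name, first, last in POOL_RE.findall(config):
        start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
        # A range may span several CIDR blocks; check each one.
        for block in ipaddress.summarize_address_range(start, end):
            for source, net in nets:
                if block.overlaps(net) and (name, source, str(net)) not in findings:
                    findings.append((name, source, str(net)))
    return findings


if __name__ == "__main__":
    for name, source, net in pool_overlaps(SAMPLE_CONFIG):
        print(f"pool {name} overlaps {net} ({source})")
```

Interface addresses that are redacted (such as `x.x.x.1` in the question) do not match the address pattern and are skipped.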