We have two ASA 5505s. One accepts remote connections from clients coming into our office, the other has a tunnel from our office into AWS.
In the attached diagram, the red lines denote ping paths. I'm able to ping from a VPN client all the way to the AWS-VPN ASA. I'm also able to ping from an AWS instance all the way to the remote access VPN ASA. But I can't seem to ping past these firewalls into the VPN tunnel/clients they support.
I've attached the routing tables of each ASA.
ASA-01

Gateway of last resort is x.58.107.57 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via x.58.107.57, OUTSIDE
C x.58.107.56 255.255.255.252 is directly connected, OUTSIDE
L x.58.107.58 255.255.255.255 is directly connected, OUTSIDE
C 172.16.0.0 255.255.252.0 is directly connected, COMPUTE
L 172.16.0.1 255.255.255.255 is directly connected, COMPUTE
C 172.16.8.0 255.255.254.0 is directly connected, GUEST
L 172.16.8.1 255.255.255.255 is directly connected, GUEST
C 172.16.10.0 255.255.254.0 is directly connected, TRUSTED
L 172.16.10.1 255.255.255.255 is directly connected, TRUSTED
C 172.16.12.0 255.255.254.0 is directly connected, DMZ
L 172.16.12.1 255.255.255.255 is directly connected, DMZ
S 172.30.0.0 255.255.0.0 [1/0] via 172.16.0.2, COMPUTE
C 192.168.255.0 255.255.255.0 is directly connected, INFERNO
L 192.168.255.1 255.255.255.255 is directly connected, INFERNO

ASA-02

Gateway of last resort is x.142.10.213 to network 0.0.0.0
S* 0.0.0.0 0.0.0.0 [1/0] via x.142.10.213, OUTSIDE-PHONES
C x.142.10.212 255.255.255.252 is directly connected, OUTSIDE-PHONES
L x.142.10.214 255.255.255.255 is directly connected, OUTSIDE-PHONES
C 172.16.0.0 255.255.252.0 is directly connected, COMPUTE
L 172.16.0.2 255.255.255.255 is directly connected, COMPUTE
S 172.16.4.0 255.255.255.0 [1/0] via 172.16.0.1, COMPUTE
C 172.16.60.0 255.255.254.0 is directly connected, PHONES
L 172.16.60.1 255.255.255.255 is directly connected, PHONES
S 172.30.0.0 255.255.0.0 [1/0] via x.142.10.213, OUTSIDE-PHONES