We have three sites. Two remote sites (sites B and C) are connected to the main site (site A) using site-to-site vpn tunnels on Cisco ASA 5505s. Site A IP net is 172.20.28.0/24. Site B is 172.21.28.0/24. Site C is 172.22.28.0/24. At site A, we have two ASA 5505s installed. ASA #1 is used for systems at site A to access the internet, and it is used for employees to remotely access the network using Cisco's legacy VPN client. ASA #2 at site A is used for the Site-to-site VPNs between sites A and B and sites A and C. All systems local to site A network can ping systems on both the site B network and the site C network. Systems on the site B network can ping systems on the Site A network, as can systems on the site C network. Remote VPN clients receive a 172.20.28.xxx ip address when connected to Site A VPN. The problem is that VPN clients cannot successfully ping systems in either site B or C, even when systems local to site A can. We have set up proper routing statements on the VPN clients.