Can’t ping ASA inside interface over IPSec VPN
Even though, IPSec VPN is successfully established between 2 ends of your network, you can’t ping ASA inside over IPSec VPN from the other end. Basically, you cannot remotely manage Cisco ASA through the VPN tunnel. You also noticed that inside interface is reachable from LAN.
The problem is with manual NAT statement that overlaps with Management-access interface IP address. Adding “route-lookup” keyword at the end of NAT statement resolves the issue.
Overlapping NAT statement:
nat (inside,outside) source static sn-10.1.120.0 sn-10.1.120.0 destination static wv-192.168.1.0 wv-192.168.1.0
nat (inside,outside) source static sn-10.1.120.0 sn-10.1.120.0 destination static wv-192.168.1.0 wv-192.168.1.0 route-lookup
You do not need to delete and recreate NAT statement, just execute the same NAT statement by adding route-lookup at the end.