OK, so an HD4 LAN client would not get a NAT when going through the VPN. The firewall knows how to get to those remote networks by pointing to the Balance but does it have a NAT exemption policy for this traffic?
Source = remote private networks
Destination = local private network
Don’t NAT
Source = local private network
Destination = remote private networks
Don’t NAT
Is it possible that ping requests are getting to the Site A network but the PA is doing a NAT with the ping response?