Help, please! Cannot access the web after connected to the VPN

Hello

I'm a newbie on Cisco products.  I configured a Cisco ASA 5505 with VPN firewall.  However, I can't access the web after I connected to the remote IPSec VPN.  I also cannot connect to the bands using the intellectual property.  But I can connect to the internal servers in the office with no problems.

Here is my setup, can someone help please?  Thank you very much

ASA Version 8.2 (5)

!

host name asa

xxxxxxxxx.com domain name

enable the encrypted password xxxxxxxxxxx

xxxxxxxxxxx encrypted passwd

names of

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

interface Vlan1

nameif inside

security-level 100

IP 192.168.1.1 255.255.255.0

!

interface Vlan2

nameif outside

security-level 0

IP address dhcp setroute

!

passive FTP mode

area of zone clock - 8 schedule

clock summer-time recurring PDT 1 Sun Apr 02:00 last Sun Oct 02:00

DNS lookup field inside

DNS server-group DefaultDNS

Server name 107.204.233.222

name-server 192.168.1.3

xxxxxxxxx.com domain name

inside_nat0_outbound list of allowed ip extended access all 192.168.1.96 255.255.255.240

pager lines 24

Enable logging

asdm of logging of information

Within 1500 MTU

Outside 1500 MTU

IP local pool sc-192.168.1.100 - 192.168.1.110 mask 255.255.255.0

ICMP unreachable rate-limit 1 burst-size 1

don't allow no asdm history

ARP timeout 14400

Global 1 interface (outside)

NAT (inside) 0-list of access inside_nat0_outbound

NAT (inside) 1 192.168.1.0 255.255.255.0

NAT (inside) 1 0.0.0.0 0.0.0.0

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Floating conn timeout 0:00:00

dynamic-access-policy-registration DfltAccessPolicy

the ssh LOCAL console AAA authentication

Enable http server

http 192.168.1.0 255.255.255.0 inside

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown cold start

Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

life crypto ipsec security association seconds 28800

Crypto ipsec kilobytes of life - safety 4608000 association

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

outside_map interface card crypto outside

Crypto ca trustpoint _SmartCallHome_ServerCA

Configure CRL

crypto ISAKMP allow outside

crypto ISAKMP policy 10

preshared authentication

3des encryption

sha hash

Group 2

life 86400

Telnet timeout 5

SSH 192.168.1.0 255.255.255.0 inside

SSH timeout 5

Console timeout 0

interface ID client DHCP-client to the outside

dhcpd outside auto_config

!

dhcpd address 192.168.1.5 - 192.168.1.36 inside

dhcpd dns 107.204.233.222 inside the 192.168.1.3 interface

dhcpd allow inside

!

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

WebVPN

internal strategy group xxxxxxxx-sc

attributes of xxxxxxxx-sc group policy

value of 107.204.233.222 DNS server 192.168.1.3

Protocol-tunnel-VPN IPSec

XXXXXXXXXX.com value by default-field

xxxxx xxxxxxxxxxx encrypted password username

Strategy Group-VPN-xxxxxxxx-sc

remote access to tunnel-group xxxxxxxx-sc type

attributes global-tunnel-group xxxxxxxx-sc

address sc-pool pool

Group Policy - by default-xxxxxxxx-sc

tunnel-group xxxxxxxx-sc ipsec-attributes

pre-shared key *.

!

class-map inspection_default

match default-inspection-traffic

!

!

type of policy-card inspect dns preset_dns_map

parameters

maximum message length automatic of customer

message-length maximum 512

Policy-map global_policy

class inspection_default

inspect the preset_dns_map dns

inspect the ftp

inspect h323 h225

inspect the h323 ras

inspect the rsh

inspect the rtsp

inspect esmtp

inspect sqlnet

inspect the skinny

inspect sunrpc

inspect xdmcp

inspect the sip

inspect the netbios

inspect the tftp

Review the ip options

!

global service-policy global_policy

context of prompt hostname

call-home service

anonymous reporting remote call

call-home

contact-email-addr [email protected] / * /

Profile of CiscoTAC-1

http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

email address of destination [email protected] / * /

destination-mode http transport

Subscribe to alert-group diagnosis

Subscribe to alert-group environment

Subscribe to alert-group monthly periodic inventory

monthly periodicals to subscribe to alert-group configuration

daily periodic subscribe to alert-group telemetry

Cryptochecksum:5c1c99b09fb26fcc36a8bf7206af8e02

: end

Hello

Try adding the following commands

permit same-security-traffic intra-interface

NAT (outside) 1 192.168.1.96 255.255.255.240

Is there are always problems with VPN then I would maybe change VPN pool to anything other than something that comes into conflict with the LAN.

In this case, these configurations should do the trick

In order from top to bottom, they would do the following things

  • First remove the pool VPN and VPN configurations
  • Then remove the VPN pool
  • Remake of the VPN Pool with different network
  • Reattach the VPN pool for VPN configurations
  • Configure NAT0 to the new cluster of VPN
  • Remove the old line of the ACL of the configuration of NAT0

attributes global-tunnel-group xxxxxxxx-sc

no address-sc-swimming pool

no ip local pool sc 192.168.1.100 - 192.168.1.110 mask 255.255.255.0

IP local pool sc-192.168.2.10 - 192.168.2.254 mask 255.255.255.0

attributes global-tunnel-group xxxxxxxx-sc

address sc-pool pool

inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.2.0 255.255.255.0

no access list inside_nat0_outbound extended permits all ip 192.168.1.96 255.255.255.240

Of course you also have the NAT configuration for VPN pools new Internet traffic

NAT (outside) 1 192.168.2.0 255.255.255.0

Please rate if the information has been useful if this resolved the issue as mark responded.

-Jouni

Tags: Cisco Security

Similar Questions

  • help Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.

    I downloaded a game and I'm going to open and it says Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.

    The thing is I had this game on this laptop before and worked fine.

    But every time that there is a update for the game, you have to uninstall it and then reinstall it.

    When I reinstalled it.

    I now get Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.

    It's windows 8, I am using.

    What is the problem?

    Hello

    Thanks for the reply.

    You can try to temporarily disable the antivirus program and check the results. It can also occur if you have not enough permission to run the file.

    Caution:

    Antivirus software can help protect your computer against viruses and other security threats. In most cases, you should not disable your antivirus software. If you need to disable temporarily to install other software, you must reactivate as soon as you are finished. If you are connected to the Internet or a network, while your antivirus software is disabled, your computer is vulnerable to attacks.

     

    Response with status.

  • Help! Cannot access the user account control settings!

    I have disabled UAC today because I wanted to delete some files. However, it did not work so I went back and tried to click on UAC to allow him once again, but I can't. The UAC window is not pop up. Help please!

    I also created a new account but I couldn't access the UAC on this account either. I restarted my computer 2 times already. What should I do?

    Here you go:

    1. keep tapping F8 during the first phase of startup.
    2. select Repair from the menu.
    3. Select an administrator account, and then enter its password.
    4. When you are prompted, select System Restore.
    5. set Windows to a point before this problem occurred.

  • Cannot access the VPN server located behind the corporate firewall.

    The VPN server was created by myself, in my Department. I can access the server from anywhere when I am in my business network. When I'm at home, I can't even ping the VPN server WAN interface. When I try to connect via the cisco VPN client, I get the message ' reason 412: peer remote not responding. "

    The main my company firewall blocks external traffic?

    Should I change anything in the VPN server?

    I heard about port forwarding, but have no knowledge about this. Port forwarding is done on the VPN server or the main firewall?

    Also should I go and ask the company system administrator to enable certain ports for the public IP address that I use for my server?

    I hope you can help

    Concerning

    Yes, quite correct. Please open ESP protocol UDP/500 and UDP/4500 for IPSec VPN.

  • Firefox starts up. Said 'it's embarrassing... "but do not restore or close because never answers. Updated and restart without help. Cannot access the options.

    Unresponsive. Updated and rebooted without success. Can't seem to 'options' due to no response. Always 'it's embarrassing... "but to restore or close button ends up making inadmissible browser. Closed with Taché also. Can't get into safe mode.
    BP-20b2f065-d592-4b67-8020-7714a2130305

    Some Firefox problems can be solved by performing a clean reinstall. This means that you remove Firefox program files, and then reinstall Firefox. Please follow these steps:

    Note: You can print these steps or consult them in another browser.

    1. Download the latest version of Firefox from http://www.mozilla.org office and save the installer to your computer.
    2. Once the download is complete, close all Firefox Windows (click on quit in the file menu or Firefox).
    3. Remove the Firefox installation folder, which is located in one of these locations, by default:
      • Windows:

        • C:\Program Files\Mozilla Firefox
        • C:\Program Files (x 86) \Mozilla Firefox
      • Mac: Delete Firefox in the Applications folder.
      • Linux: If you have installed Firefox with the distribution-based package manager, you must use the same way to uninstall: see Install Firefox on Linux. If you have downloaded and installed the binary package from the Firefox download page, simply remove the folder firefox in your home directory.
    4. Now, go ahead and reinstall Firefox:
      1. Double-click on the downloaded Setup file and go through the steps in the installation wizard.
      2. Once the wizard is completed, click to open Firefox directly after clicking the Finish button.

    Please report back to see if this helped you!

  • I have 2 laptops and one desktop. Desktop & laptop are very good. 2nd laptop computer cannot access the internet. I get a message media disconnected. I tried everything please help. I use Windows XP

    I have 2 laptops and one desktop.  Desktop & laptop are very good. 2nd laptop computer cannot access the internet. I get a message media disconnected. I tried everything please help.  I use Windows XP

    Hi JessaRoy,

    · The computer connected to the network or are they computer autonomous?

    · What is the number and the model of the computer?

    · What is the service pack installed don the computer?

    · What is the full error message with the error code, that's all?

    · What are the steps you tried to solve the problem?

    Try the steps from the link below: to test TCP/IP connections by using the ping and the commands net view: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_tcpip_pro_pingconnect.mspx?mfr=true

    With regard to:

    Samhrutha G S - Microsoft technical support.

  • On my user account on my labtop when I click on a program, such as mozilla firefox, it happens 'windows cannot access the specified device, path or file. May not be the appropriate permissions for access you point. "Please help

    On my user account on my labtop when I click on a program, such as mozilla firefox, it happens 'windows cannot access the specified device, path or file. May not be the appropriate permissions for access you point. "This message appears for firefox, AVG, Windows live messenger, windows MediaPlayer etc.

    I can access my documents, Panel etc. and everything is there, but it won't let me not get access to the programs.

    Also when I go to click on itunes and open office it happens "this file has no program associated with it for performing this action. Create an association in the set associations Control Panel.

    Given that I was able to access control panel, I was able to create a new user and use it for now to send this message and all programs have worked on it and I was able to check for the presence of viruses on the Avg on this and everything was clear.

    Could you please explain whats wrong and tell me how to fix this please: D thanks

    Hello
     
    1. don't you make changes before the show?
    2. is the computer is joined to the domain controller?
     
    You can not start any application on a client computer that is joined to the domain controller. When you try to start this type of application, you receive an error message similar to the following:
    "Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.

    This can also occur if the user account is damaged. If the computer is not connected to a domain controller, try the following steps.
    1. connect to another user account and create a new user account to fix the damaged user account.
    For more information about creating a new user account and the fixing corrupt user account, visit this link: http://windows.microsoft.com/en-US/windows-vista/Fix-a-corrupted-user-profile
     
    Previous post the results in more detail, so that we can help you further.
     
    I hope this helps.
     
    Kind regards
    Syed
    Answers from Microsoft supports the engineer.

  • I tried to download PES 13 and everything I had, it was a folder called 'Package' which I still cannot access the post-secondary education program. I have a Compaq laptop with Windows 7. Help, please.

    I tried to download PES 13 and everything I had, it was a folder called 'Package' which I still cannot access the post-secondary education program. I have a Compaq laptop with Windows 7. Help, please.

    Make sure you download the windows files.

    You must download a 7z and an exe file.  put them both in the same directory and double-click on the exe file.

    Available downloadable Setup files:

    Download and installation help links Adobe

    Help download and installation to Prodesigntools links can be found on the most linked pages.  They are essential; especially steps 1, 2 and 3.  If you click on a link that does not have these listed steps, open a second window by using the link to Lightroom 3 to see these "important Instructions".

    window using the Lightroom 3 link to see these "important Instructions".

  • When I receive e-mails with an attachment can not open, it says: Windows media player cannot access the file, Please HELP

    WHEN I RECEIVE AN EMAIL WITH AN ATTACHMENT I CAN'T OPEN IT. IT SAYS WINDOWS MEDIA PLAYER CANNOT ACCESS THE FILE.

    Help, please

    How this is related to Windows Update, John?

  • HP 15 laptop: laptop computer is connected to the wi - fi connection, but cannot access the internet

    Hello

    My problem is my WiFi says its connected but I can't browse or access the internet.it just tells me "unable to connect to internet computer is not connected to the internet", but my wifi says 'connected'.i tried to go to the cmd prompt and typed in "netsh int ip reset resetlog.txt c:\" goal it shows me "reset failed.access is denied .he don't s no user specified settings to be reset to zero." please "» What can I do?

    Thanks in advance.

    Hello @jerome256,

    Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums, I would like to draw your attention to the HP Forums Guide first time here? Learn how to publish and more.

    I understand that you are having a problem with your WiFi and wanted to help you!

    You are trying to access WiFi through router?  If you are connected to your wireless network, but cannot access the internet, then the problem may be with the router.  Check that the router is connected to the internet.  If you have more than one router, then you can ensure that you are connected to the correct router.  You can also try unplugging the router for about 30 seconds, and then reconnecting it.  Please consult the following document, as it can help solve the problem for you:

    HP PC - Troubleshooting wireless network and Internet (Windows 10)

    Please let me know if this information has been helpful by clicking the thumbs up below.

    Have a great day!

  • Receives the following message after opening a downloaded game: 'Windows cannot access the specified device, path or file. You can not have the appropriate permissions to access the item.

    Hello!
    So I'm at the end of my rope with this one... it lasts for months, and I keep revisitng every two weeks to try and fix that and every time to be completely frustrated.  I found this forum tonight, so here goes...

    We downloaded a few games on the HP Games Web site.  We download them and everything works fine.  Then, we will open the games and this pop up error message:
    "Windows cannot access the specified device, path or file.  You can not have the appropriate permissions to access the item.

    These games used to run fine, and I have no idea why they now have problems.  We have a Vista operating system, 1 account who is the administrator, the Parental control is disabled (or if we believe).

    If anyone can please help it would be much appreciated!  We have a monthly membership to this site of game and continue to accumulate credits, but may not use it.  It makes us crazy!

    Thank you in advance!

    Hello Heathie,

    Thank you for posting.  It seems that the program is no longer on your computer.  This can happen if the game files are deleted, but the game itself has not been uninstalled correctly.  I recommend you to download the game again to a location on your computer where you can easily find and install it.  This should fix the problem.

    Please let me know if this helps you.
    Zack
    Engineer Microsoft Support answers visit our Microsoft answers feedback Forum and let us know what you think.

  • cannot access the internet after upgrading to firefox 30.0 on windows 7

    After the upgrade to firefox 30.0 on windows 7, cannot access the internet. FF 30.0 works OK under Vista

    Sometimes it's because of your security software thinking that the upgrade may not be legitimate. You can consult this article: problems connecting to websites after Firefox update.

  • help please all access refused to display any files or folders including word and images in the library

    help please, any access to my files and folders denied including pictures and word documents in the library.

    Hello
    • What were the changes made before the problem occurred?
    • What version of Windows are you using?
    • What is the full error message that you receive?
    • Connect you as an administrator?
    You can check these links:
    Diagnose and repair Windows files and folders problems automatically
     
    How to open a file if I get an access denied message?
    See also:
    Troubleshoot "access denied" when opening files or folders
    Note: This link also means on Windows 7

  • Cannot access internet without going through "Online Help & Support." ("Windows cannot access the specified path. You cannot ot have permission.)

    Problems: Access to the internet.    2. right of PC, for example, clock, Favorites, etc. does not appear on the screen while booting.

    3. cannot access the Micro password

    Error message: «Windows cannot access the path specified...» »

    When I'm online through the icon help & Support, still cannot access all the other icons; needs access to sites through links.

    First of all, there is problem when I played the game on 'brightness (MySpace link); PC seems to crash and the problem has continued since then.

    I have no idea what to do and I'm a bit of a novice.  In addition, have physical difficulties which slows me down or interferes with the ability to work through problems.

    Applications and links of Facebook can be very dangerous. Please start with the basics to ensure that you are working from a clean base. You will need to obtain the tools of a different, known-clean computer with access to the Internet and put them on a USB stick to transfer to the affected machine.

    http://www.elephantboycomputers.com/page2.html#Removing_Malware

    If you can't do the work yourself (and there is no shame in admitting this isn't your cup of tea), take the machine to a professional computer repair shop (not your local equivalent of BigComputerStore/GeekSquad). If possible, have all your data backed up before taking the machine into a shop.

    MS - MVP - Elephant Boy computers - don't panic!

  • Unable to connect to the application Windows 8 music. I get an error "Cannot access the file."

    Hello

    When I open the Windows 8 Xbox music app I can't connect. Here's the exact error code.
    "Cannot access the file. Make sure that the file is not in use, you can access the file is stored, and that your network proxy settings are correct, and then try again.
    Error code: 0xc00d11d2 (0x80070005)
    I can sign in all other Windows 8 modern Apps without problem.
    Thank you
    Andy

    I created a local account and recreated my Windows Live profile and that fixed the issue.

    Thanks for your help.

  • Cannot access the disk in the drive E:, please make sure that the drive is ready and the disk is not write protected.

    When I try to backup Quicken, I received the error: cannot access the disk in the drive E:, please make sure that the drive is ready and the disk is not write protected.  My last backup of Quicken was 16/07/2010.  I don't know why I can't back up now.  Is there a way to fix this?

    Why not save to a folder on your hard drive and burn them to a CD - R from there? I can't tell from the little you wrote if the problem is with Quicken (not work or you have incorrectly backup location) or with your CD - RW drive. How about more details to work with? This will give you an idea of what to write:

    The first Question of troubleshooting: If the problem is new, what has changed between the time things worked and the time they do not have?

    http://www.elephantboycomputers.com/page2.html#Tech_Support - See the article "how to write a Post.
    http://support.microsoft.com/default.aspx/kb/555375 - how to ask a Question

    MS - MVP - Elephant Boy computers - don't panic!

Maybe you are looking for

  • Target mode iMac won't start plu

    My iMac 27-inch became unbootable, due to the well known failure of AMD Radeon HD 6970 M video card. My computer is 4 years and 4 months and Apple refuses to replace the card through the replacement program. I'm not ready to pay the amount to fix the

  • run us a business and I need my iphone finaces texts and the browser history sent from my iphone. It does not look, I need just as his envoy to mine. How can we do this

    Hello Recently, we started a new business and have many contacts if intouch with his phone, and we are simply not able to my number there at each of them. My fiance is have a time difficult to return all customers of follow-up as well we lose busines

  • EtreCheck on slow macbook pro pls HELP!

    Hi - I made a clean of El Capitan installation after that I erased everything on my macbook, because of the amount of waste for 3 years. But now he runs even slower that before I erased everything. And he constantly beachballing and freezer a lot sin

  • T540p Windows 7 deployment using MDT

    Display drivers do not load. I tried the drivers of the Lenovo model Web page as well as the driverpack. I have two inputs "Standard VGA Graphics Adapter. The 2nd (NVIDIA according to PnPID) has a yellow bang. What Voodoo is necessary to make this wo

  • In the Subvi VI main event

    Trying to raise events from a main vi. I created an example vi as a basic unit of a much larger program. The high level vi called a Subvi that contains a structure of the event.  The Subvi works permanently and will close when the program is stopped