Remote VPN connected but do not go anywhere.

Similar Questions

• pix501 vpn to connect but can not get anywhere

  That's how I'm Setup. DSL > linksys wireless router > pix 501. The wireless connects to a cisco 2924 > router 3com > line T1. The T1 line is used for a secure Web site to which we have access. I have the pix configuration, I can connect to the vpn and get an ip address, but I can only ping the external interface of the pix, nothing else. I want to be able to rdp in some machines on the local network, but I can't see them. The CLI I ping the router (10.29.30.238) of 3com, but not all the machines in the local network. (192.168.50.1) inside of the LIS, which connects the outside of her route (192.168.50.2) Linksys, the lan interface of linksys (10.29.30.102), which links outside the pix (10.29.30.103) and the inside of the pix (10.29.31.1), vpn clients receive an ip address of 10.29.31.50.59.

  Building configuration...

  : Saved

  :

  6.3 (5) PIX version

  interface ethernet0 car

  interface ethernet1 100full

  ethernet0 nameif outside security0

  nameif ethernet1 inside the security100

  activate the password xxx

  passwd xxx

  pixfirewall hostname

  domain ciscopix.com

  fixup protocol dns-length maximum 512

  fixup protocol ftp 21

  fixup protocol h323 h225 1720

  fixup protocol h323 ras 1718-1719

  fixup protocol http 80

  fixup protocol pptp 1723

  fixup protocol rsh 514

  fixup protocol rtsp 554

  fixup protocol sip 5060

  fixup protocol sip udp 5060

  fixup protocol 2000 skinny

  fixup protocol smtp 25

  fixup protocol sqlnet 1521

  fixup protocol tftp 69

  names of

  access-list 101 permit ip 10.29.31.0 255.255.255.0 any

  pager lines 24

  opening of session

  notifications of recording console

  ICMP allow all outside

  ICMP allow any inside

  Outside 1500 MTU

  Within 1500 MTU

  external IP 10.29.30.103 255.255.255.0

  IP address inside 10.29.31.1 255.255.255.0

  alarm action IP verification of information

  alarm action attack IP audit

  IP pool local Test 10.29.31.50 - 10.29.31.59

  location of PDM 10.29.30.0 255.255.255.0 outside

  location of PDM 10.29.31.0 255.255.255.0 inside

  location of PDM 192.168.5.0 255.255.255.0 outside

  location of PDM 10.29.30.0 255.255.255.0 inside

  PDM logging 100 information

  history of PDM activate

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

  Access-group 101 in external interface

  Route outside 0.0.0.0 0.0.0.0 10.29.30.102 1

  Timeout xlate 0:05:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

  H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

  Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00

  Timeout, uauth 0:05:00 absolute

  GANYMEDE + Protocol Ganymede + AAA-server

  AAA-server GANYMEDE + 3 max-failed-attempts

  AAA-server GANYMEDE + deadtime 10

  RADIUS Protocol RADIUS AAA server

  AAA-server RADIUS 3 max-failed-attempts

  AAA-RADIUS deadtime 10 Server

  AAA-server local LOCAL Protocol

  Enable http server

  http 0.0.0.0 0.0.0.0 outdoors

  http 10.29.31.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  SNMP-Server Community public

  No trap to activate snmp Server

  enable floodguard

  Sysopt connection permit-pptp

  Telnet 0.0.0.0 0.0.0.0 outdoors

  Telnet 10.29.31.0 255.255.255.0 inside

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  VPDN PPTP-VPDN-group accept dialin pptp

  VPDN group PPTP-VPDN-GROUP ppp mschap authentication

  VPDN group PPTP-VPDN-GROUP ppp encryption mppe auto

  client PPTP-VPDN-GROUP VPDN group configuration address local Test

  VPDN group VPDN GROUP-PPTP client dns ISP dns ips configuration

  VPDN group VPDN GROUP-PPTP pptp echo 60

  VPDN group VPDN GROUP-PPTP client for local authentication

  VPDN username user1 password *.

  VPDN allow outside

  VPDN allow inside

  dhcpd address 10.29.31.2 - 10.29.31.33 inside

  dhcpd lease 3600

  dhcpd ping_timeout 750

  dhcpd outside auto_config

  Terminal width 80

  Cryptochecksum:xxx

  : end

  [OK]

  Yes, if you RDP on a server inside the pix, you can access a server outside the pix (in the 10.29.30.x network).

  There are a few requirements for this:

  -The server your RDP first needs to have a route by default for the pix (or at least a route to network 10.29.30.x via the pix)

  -The server outside the pix must have a route to the Pix. (He needs a route for 10.29.31.x pointing to the external of the pix interface) This can be done with "route add" in a dosprompt

• Remote VPN - connect but then what? Newbie *.

  I have a 5505 and it's my first time with a unit of Cisco. My Internet works fine and my test configuration allows customers to connect properly. How do I access my network inside my remote clients?

  Hey tony,.

  So I guess that computers on your local network use 192.168.78.1 as the default gateway, and there is no path routing in pfSense router to send these back to the ASA. Please correct me if I'm wrong.

  Try to add a route on the router pfSense for the destination network 192.168.50.0/24 pointing to the inside of the interface of ASA 192.168.78.254. Let me know if it works!

  Kind regards

  Assia

• Remote VPN connection double

  Hello guys

  I have created three different remote VPN connections with three different networks. I can do the reasons but for some I don't mix everything.

  and iam with Cisco asa 5505 software Shrew Soft VPN, then my problem is

  -J' connected Shrew soft vpn remote, if I try to connected another remote vpn connection that will not accept the second connection, so please can someone give me a remote vpn connection software that accepts multiple connections

  Hello

  Since you mention the ASA and the VPN, I guess you are trying to connect by VPN Client to the same ASA?

  Why would you want to have multiple connections from VPN clients at the same time? (Although I think that it is not yet possible)

  What are you trying to accomplish in these 3 different configurations of Client VPN configured on the same ASA?

  is it not just possible to configure a VPN Client to ASA connection that would treat all traffic from these 3 VPN Client connections?

  -Jouni

• I am trying to create a VPN connection, but it does not work

  I am trying to create a VPN connection, but it does not work
  The wizard cannot establish a connection. And if I try to record simply does not connect
  It does not work. If I try to click on find the problem, there simply
  do nothing.
  I tried it on another pc, where it worked. So the problem is not the
  router or data network. And the curious thing is that I installed it before, but only from one day to the other, the VPN connection was missing.

  It does not create even a the connection icon
  Thank you

  Try a system restore to a Date before the problem began:

  Restore point:

  http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/

  Do Safe Mode system restore, if it is impossible to do in Normal Mode.

  Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.

  Try a restore of the system once, to choose a Restore Point prior to your problem...

  Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.

  http://www.windowsvistauserguide.com/system_restore.htm

  Read the above for a very good graph shows how backward more than 5 days in the System Restore Points by checking the correct box.

  See you soon.

  Mick Murphy - Microsoft partner

• Cisco vpn client to connect but can not access to the internal network

  Hi all

  I have a VPN configured on cisco 5540. My vpn was working fine, but suddenly there is a question that the cisco vpn client to connect but can not access to the internal network

  Any help would be much appreciated.

  Hi Samir,

  I suggest that you go to the ASA and check the configuration to make sure that it complies with the requirements according to the reference below link:

  http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805734ae.shtml

  (The link above includes split tunneling, but this is just an option.

  Please paste the output of "sh cry ipsec his" here so that we can check if phase 2 is properly trained. I would say as you go to IPSEC vpn client on your PC and check increment in packets sent and received in the window 'status '.

  Let me know if this can help,

  See you soon,.

  Christian V

• I am trying to create a VPN connection, but when I get to the step that allows me to create the VPN, the radial buttons are greyed out.

  I am trying to create a VPN connection, but when I get to the step that allows me to create the VPN, the radial buttons are grayed out, it is a Windows component is missing and does not allow me to create VPN. I am running Windows XP Home addition. I recently got a Malware attack and had the quarantine and fix trojen attempts. After the restoration, I found that my previous VPN connection was broken. When I tried to add a new connection, I'm stuck on the screen connection virtual network in the the radial button private network connection wizard is grayed out, he could not check.

  Hello

  Your Windows XP question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the Windows XP TechNet forum. You can follow the link to your question:

  http://social.technet.Microsoft.com/forums/en/itproxpsp/threads

• WRT1200ac and WRT1900ac OPENVPN can connect but can not see the network

  I can connect but can not see the computers on the network. I've tried everything. Any help would be great. Thank you

  Firewalls are disabled on remote computers?

• The remote access connection manager could not start. Error 2: cannot find the specified file.

  I've updated from vista to the most recent update.

  I have windows vista Home premium 32-bit.
  I want to get this matter resolved without having to reinstall as I have a few games installed it on this system.
  The modem is not the issue as other computers connect very well.
  Thanks for the help from Microsoft.
  Recently, I tried to connect to the internet but that was not possible, because no connection could be established. The remote access connection manager does not start 2 error: could not find the specified domain. the RasMan-dependent services are started, but Manager logins remote does not start.

  Hi Mundilfar,

  You can try the folliwng steps and see if it helps.

  Step 1:

  You can try to scan the file system [SFC] checker on the computer that will replace missing or corrupt files & check if the problem persists.

  For more information, you can consult the following link.

  How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7

  Step 2:

  If you are always faced with the question, then you can try to give permission for the Rasman registry key and see if it helps.

  Important: The following steps show you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs.

  For more information about how to back up and restore the registry, follow the steps from the link below:

  Back up the registry

  a. Click Start, type regedit in the search box and press ENTER.

  b. Locate the following subkey:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan

  c. right click on the key and click Permissions.

  d. Select Advanced, click on owner tab, click your user name, and check the 'Replace owner of subcontainers and objects', click Apply - click OK.

  e. click the user or group name that you want to work with.

  f. check allow total control. Click apply and then click OK.

  g. restart the computer and check.

  Hope this information is useful.

• Remote Desktop connection options are not available

  Original title - Remote Desktop connection

  Im trying to use the remote desktop connection, but when I go to test to enable it, it won't give me the three options at the base that are:

  1 do not allow connections to this computer
  2 allow the connection of computers running any version of remote desktop
  3 allow that connect the computers running remote...
  Can someone help me please?

  Hi JuanLeiva

   

  1. which edition of windows vista is installed on the computer?
  2. where exactly you check for settings?

  3. have you successfully activated the remote desktop connection to use?

   

  I suggest to refer to the links below and try allowing the remote desktop connection, as a result, then check if the problem is resolved.

  http://Windows.Microsoft.com/en-us/Windows-Vista/Remote-Desktop-connection-frequently-asked-questions

  http://Windows.Microsoft.com/en-us/Windows-Vista/connect-to-another-computer-using-Remote-Desktop-connection

   

  I hope this helps.

• Cannot access Internet. It says I'm connected but will not display web pages.

  Original title: web no

  Unable to connect to the web says I'm connected but does not display pages

  Hello

  I suggest that refer you to the articles below that explain some troubleshooting steps basic to perform when you receive Internet connection problems.

  Why can't I connect to the internet?

  http://Windows.Microsoft.com/en-GB/Windows/cant-connect-Internet

  Why can't connect me to a network?

  http://Windows.Microsoft.com/en-GB/Windows/cant-connect-to-network

  If the advice above do not work, try to run a startup mode in minimum mode which must start Windows with only a minimal set of services and programs.

  How to do a clean boot mode

  http://support.Microsoft.com/kb/929135

  Note: After you perform a clean boot, be sure to check the "How to reset the computer to start normally after a boot minimum troubleshooting" section on the article above to start Windows normally.

  Thank you

  Legaede

• I created a vpn connection, but can I create a shortcut to connect every time?

  I created a vpn connection, but can I create a shortcut to connect every time?

  I created a vpn connection, but can I create a shortcut to connect every time?

  Open network and sharing Center, go to the Edit card settings window and drag the VPN icon on your desktop.

• AnyConnect VPN connected but not in LAN access

  Hello

  I just connfigured an ASA to remote VPN. I think everything works but I do not have access

  for customers in the Local LAN behind the ASA.

  PC <==internet==>outside of the SAA inside<=LAN=> PC

  After AnyConnect has established the connection I can ping inside the Interface of the ASA

  but I can't Ping the PC behind the inside Interface.

  Here is the config of the ASA5505:

  : Saved

  :

  ASA Version 8.2 (1)

  !

  asa5505 hostname

  activate 8Ry2YjIyt7RRXU24 encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP 192.168.178.254 255.255.255.0

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  Shutdown

  !

  interface Ethernet0/3

  Shutdown

  !

  interface Ethernet0/4

  Shutdown

  !

  interface Ethernet0/5

  Shutdown

  !

  interface Ethernet0/6

  Shutdown

  !

  interface Ethernet0/7

  Shutdown

  !

  passive FTP mode

  Inside_ICMP list extended access permit icmp any any echo response

  Inside_ICMP list extended access permit icmp any any source-quench

  Inside_ICMP list extended access allow all unreachable icmp

  Inside_ICMP list extended access permit icmp any one time exceed

  access-list outside_cryptomap_2 note ACL traffic von ASA5505 zur ASA5510

  outside_cryptomap_2 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.0

  no_NAT to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.0

  no_NAT to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.178.0 255.255.255.0

  tunnel of splitting allowed access list standard 192.168.1.0 255.255.255.0

  pager lines 24

  Within 1500 MTU

  Outside 1500 MTU

  mask 192.168.1.10 - 192.168.1.15 255.255.255.0 IP local pool SSLClientPool

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access no_NAT

  NAT (inside) 1 192.168.1.0 255.255.255.0

  Access-group Inside_ICMP in interface outside

  Route outside 0.0.0.0 0.0.0.0 192.168.178.1 1

  Route outside 192.168.10.0 255.255.255.0 192.168.178.230 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  AAA authentication http LOCAL console

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set-3DESSHA FRA esp-3des esp-sha-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  card crypto outside_map 2 match address outside_cryptomap_2

  peer set card crypto outside_map 2 192.168.178.230

  card crypto outside_map 2 game of transformation-FRA-3DESSHA

  outside_map interface card crypto outside

  Crypto ca trustpoint localtrust

  registration auto

  domain name full cisco - asa5505.fritz.box

  name of the object CN = cisco - asa5505.fritz.box

  sslvpnkeypair key pair

  Configure CRL

  Crypto ca certificate chain localtrust

  certificate fa647850

  3082020b a0030201 30820174 020204fa 0d06092a 64785030 864886f7 0d 010104

  0500304 06035504 03131763 6973636f 617361 35353035 2e667269 2d 3120301e a

  747a2e62 6f783126 30240609 2a 864886 f70d0109 02161763 6973636f 2d 617361

  2e667269 35353035 747a2e62 6f78301e 170d 3132 31303132 31383434 31305a 17

  323231 30313031 38343431 06035504 03131763 6973636f 3120301e 305a304a 0d

  617361 35353035 2e667269 747a2e62 6f783126 2a 864886 30240609 f70d0109 2D

  6973636f 02161763 2d 617361 35353035 2e667269 747a2e62 6f783081 9f300d06

  d6279e1c 8181009f 092a 8648 86f70d01 01010500 03818d 30818902 00 38454fc 9

  705e1e58 762edc35 e64262fb ee55f47b 8d62dda2 102c8a22 c97e395f 2a9c0ebb

  f2881528 beb6e9c3 89d91dda f7fe77a4 2a1fda55 f8d930b8 3310a05f 622dfc8f

  d48ea749 7bbc4520 68 has 06392 d65d3b87 0270e41b 512a4e89 94e60167 e2fa854a

  87ec04fa e95df04f 3ff3336e c7437e30 ffbd90b5 47308502 03010001 300 d 0609

  2a 864886 04050003 81810065 cc9e6414 3c322d1d b191983c 97b474a8 f70d0101

  2e5c7774 9d54d3ec fc4ee92d c72eef27 a79ce95a da83424f b05721c0 9119e7ea

  c5431998 e6cd8272 de17b5ff 5b1839b5 795fb2a0 2d10b479 056478fa 041555dd

  bfe3960a 4fe596ec de54d58b a5fa187e 5967789a a26872ef a33b73ec 7d7673b9

  c8af6eb0 46425cd 2 765f667d 4022c 6

  quit smoking

  crypto ISAKMP allow outside

  crypto ISAKMP policy 1

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 65535

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  management-access inside

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  localtrust point of trust SSL outdoors

  WebVPN

  allow outside

  SVC disk0:/anyconnect-win-2.3.0254-k9.pkg 1 image

  SVC disk0:/anyconnect-wince-ARMv4I-2.3.0254-k9.pkg 2 image

  enable SVC

  tunnel-group-list activate

  internal SSLClientPolicy group strategy

  attributes of Group Policy SSLClientPolicy

  VPN-tunnel-Protocol svc

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list value split tunnel

  the address value SSLClientPool pools

  WebVPN

  SVC Dungeon-Installer installed

  time to generate a new key of SVC 30

  SVC generate a new method ssl key

  SVC request no svc default

  username password asdm privilege Yvx83jxa2WCRAZ/m number 15

  hajo 2w8CnP1hHKVozsC1 encrypted password username

  hajo attributes username

  type of remote access service

  tunnel-group 192.168.178.230 type ipsec-l2l

  IPSec-attributes tunnel-group 192.168.178.230

  pre-shared-key *.

  type tunnel-group SSLClientProfile remote access

  attributes global-tunnel-group SSLClientProfile

  Group Policy - by default-SSLClientPolicy

  tunnel-group SSLClientProfile webvpn-attributes

  enable SSLVPNClient group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the netbios

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect the tftp

  inspect the sip

  inspect xdmcp

  !

  global service-policy global_policy

  context of prompt hostname

  Cryptochecksum:0008564b545500650840cf27eb06b957

  : end

  What wrong with my setup.

  Concerning

  Hans-Jürgen Guenter

  Hello Hans,.

  You should change your VPN pool to be a different subnet within the network, for example: 192.168.5.0/24

  Then configure NAT exemption for traffic between the Interior and the pool of vpn.

  Based on your current configuration, the following changes:

  mask 192.168.5.10 - 192.168.5.15 255.255.255.0 IP local pool SSLClientPool

  no_NAT to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0

  And then also to enable icmp inspection:

  Policy-map global_policy

  class inspection_default

  inspect the icmp

• VPN question, can connect, but can, t go anywhere

  Hello

  I have my house 2621xm router and I have configured my router as a vpn server and I can connect using vpn client, but that's all I can do. I can't ping or go anywhere. I can't find all the documents on cisco or google that can help me here, so here I am.

  Basically, I give the client vpn ip 192.168.6.X then I want the customer to be able to go anywhere in the 192.168.1.X range 5.X and 10.X.

  any help would be appreciated to greately!

  Try,

  crypto dynamic-map VTELDYNAMAP 10

  market arriere-route

  Kind regards

  Prem

• VPN connects but no remote LAN access

  Hello

  I'll put up on a PIX 501 VPN remote access.

  When I try to connect via VPN software, I am able to connect but I am unable to access LAN resources.

  I have pasted below part of which seems relevant to my setup. I'm stuck on this issue, could someone help me? Thanks in advance.

  ethernet0 nameif outside security0
  nameif ethernet1 inside the security100
  test.local domain name
  name 10.0.2.0 inside
  name 10.0.2.13 MSExchange-en
  2.2.2.2 the MSExchange-out name

  outside_access_in tcp allowed access list all gt 1023 host 2.2.2.2 eq smtp
  outside_access_in list access permit tcp any host 2.2.2.2 eq https
  outside_access_in list access permit tcp any host 2.2.2.2 eq www
  inside_outbound_nat0_acl 10.0.2.0 ip access list allow 255.255.255.0 192.168.235.0 255.255.255.192
  access-list 101 permit icmp any one

  3.3.3.3 exterior IP address 255.255.255.0
  IP address inside 10.0.2.254 255.255.255.0
  IP local pool vpn_pool 192.168.235.1 - 192.168.235.15
  IP local pool vpn_pool_2 192.168.235.16 - 192.168.235.40

  1 3.3.3.4 (outside) global
  NAT (inside) 0-list of access inside_outbound_nat0_acl
  NAT (inside) 1 0.0.0.0 0.0.0.0 0 0
  static (inside, outside) 2.2.2.2 10.0.2.13 netmask 255.255.255.255 1000 1000
  Access-group outside_access_in in interface outside
  Route outside 0.0.0.0 0.0.0.0 3.3.3.1 1

  RADIUS Protocol RADIUS AAA server
  AAA-server RADIUS (inside) host 10.0.2.3 * timeout 10
  AAA-server local LOCAL Protocol

  Permitted connection ipsec sysopt
  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto-map dynamic dynmap 10 game of transformation-ESP-3DES-MD5
  map outside_map 90-isakmp ipsec crypto dynamic dynmap
  card crypto outside_map the LOCAL RADIUS client authentication
  outside_map interface card crypto outside
  ISAKMP allows outside
  part of pre authentication ISAKMP policy 20
  ISAKMP policy 20 3des encryption
  ISAKMP policy 20 md5 hash
  20 2 ISAKMP policy group
  ISAKMP duration strategy of life 20 86400
  vpngroup signal address vpn_pool pool
  vpngroup dns-server 10.0.2.3 signal
  vpngroup default-field test.local signal
  vpngroup idle time 1800 signal
  vpngroup max-time 14400 signal
  signal vpngroup password *.
  vpngroup TF vpn_pool_2 address pool
  vpngroup dns-server 10.0.2.3 TF
  TF vpngroup default-domain test.local
  vpngroup TF 1800 idle time
  vpngroup max-time 14400 TF
  TF vpngroup password *.

  Kind regards

  Joana

  Very similar to the question of the configuration of the switch. You should check if there is no specific roads on the switch outside the default gateway. The switch should route the subnet pool ip to the firewall (10.0.2.254).