VPN connects but can't access internal devices

Similar Questions

• Cisco vpn client to connect but can not access to the internal network

  Hi all

  I have a VPN configured on cisco 5540. My vpn was working fine, but suddenly there is a question that the cisco vpn client to connect but can not access to the internal network

  Any help would be much appreciated.

  Hi Samir,

  I suggest that you go to the ASA and check the configuration to make sure that it complies with the requirements according to the reference below link:

  http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805734ae.shtml

  (The link above includes split tunneling, but this is just an option.

  Please paste the output of "sh cry ipsec his" here so that we can check if phase 2 is properly trained. I would say as you go to IPSEC vpn client on your PC and check increment in packets sent and received in the window 'status '.

  Let me know if this can help,

  See you soon,.

  Christian V

• I created a vpn connection, but can I create a shortcut to connect every time?

  I created a vpn connection, but can I create a shortcut to connect every time?

  I created a vpn connection, but can I create a shortcut to connect every time?

  Open network and sharing Center, go to the Edit card settings window and drag the VPN icon on your desktop.

• VPN connection but can't map shared drive on the Client.

  Hello

  I have configure RRAS by using PPTP to serve as a VPN in Windows Server 2008 Server. I can connect VPN on my Windows 7 laptop.

  Internet works fine, I can ping the IP address of the server. But I can't see the shared folders on the client.

  Things I already checked.

  -Network discovery is running.

  -J' tried to access the server using the intellectual property and to appoint the two.

  Any help would be appreciated.

  Hi Zubair,

  I suggest that you post the application on Microsoft TechNet forum because we have experts working on these issues. You can check the link to post the same query on TechNet:

  http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

  Please do not hesitate to contact us if you have other questions related to Windows.

• Ipad Cisco ipsec VPN connects but not access to the local network

  Hi guys,.

  I am trying to connect our ipads to vpn to access network resources. IPSec cisco ipad connects but not lan access and cannot ping anything not even not the interfaces of the router.

  If I configure the vpn from cisco on a laptop, it works perfectly, I can ping all and can access resources on the local network if my guess is that the traffic is not going in the tunnel vpn between ipad and desktop.

  Cisco 877.

  My config is attached.

  Any ideas?

  Thank you

  Build-in iPad-client is not useful to your configuration.

  You have three options:

  (1) remove the ACL of your vpn group. Without split tunneling client will work.

  2) migrate legacy config crypto-map style. Here, you can use split tunneling

  3) migrate AnyConnect.

  The root of the problem is that the iPad Gets the split tunneling-information. But instead of control with routing traffic should pass through the window / the tunnel and which traffic is allowed without the VPN of the iPad tries to build a set of SAs for each line in your split-tunnel-ACL. But with the model-virtual, SA only is allowed.

• I can't enter my system remotely (site office) from my house, but can't access websites from here (site office)

  DNS server search order has failed

  I can't enter my system remotely (site office) from my house, but can't access websites from here (site office). When I go to "network diagnostics" it shows "Server dns search order" has failed.

  How can I solve this problem? Please help me.

  Hello yazid.

  I recommend posting your question on our TechNet site for remote desktop connection problems located here:
  http://social.technet.Microsoft.com/forums/en-us/winserverTS/threads

• I am trying to create a VPN connection, but when I get to the step that allows me to create the VPN, the radial buttons are greyed out.

  I am trying to create a VPN connection, but when I get to the step that allows me to create the VPN, the radial buttons are grayed out, it is a Windows component is missing and does not allow me to create VPN. I am running Windows XP Home addition. I recently got a Malware attack and had the quarantine and fix trojen attempts. After the restoration, I found that my previous VPN connection was broken. When I tried to add a new connection, I'm stuck on the screen connection virtual network in the the radial button private network connection wizard is grayed out, he could not check.

  Hello

  Your Windows XP question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the Windows XP TechNet forum. You can follow the link to your question:

  http://social.technet.Microsoft.com/forums/en/itproxpsp/threads

• I am able to access my desktop to my laptop as part of a homegroup, but can not access the external hard drive that is attached to my office.

  share external hard drive

  I am able to access my desktop to my laptop as part of a homegroup, but can not access the external hard drive that is attached to my office. I want to be able to back up my laptop hard disk external.  Advice please.

  geraintjo

  I do not use homegroups, but 'true' to share, so I don't know how this is supposed to work with homegroups. But usually he should share a drive or folder, first before you can access it from another machine. (for example, click on the drive/folder properties and go to the sharing tab)

• WRT1200ac and WRT1900ac OPENVPN can connect but can not see the network

  I can connect but can not see the computers on the network. I've tried everything. Any help would be great. Thank you

  Firewalls are disabled on remote computers?

• I am trying to create a VPN connection, but it does not work

  I am trying to create a VPN connection, but it does not work
  The wizard cannot establish a connection. And if I try to record simply does not connect
  It does not work. If I try to click on find the problem, there simply
  do nothing.
  I tried it on another pc, where it worked. So the problem is not the
  router or data network. And the curious thing is that I installed it before, but only from one day to the other, the VPN connection was missing.

  It does not create even a the connection icon
  Thank you

  Try a system restore to a Date before the problem began:

  Restore point:

  http://www.howtogeek.com/HOWTO/Windows-Vista/using-Windows-Vista-system-restore/

  Do Safe Mode system restore, if it is impossible to do in Normal Mode.

  Try typing F8 at startup and in the list of Boot selections, select Mode safe using ARROW top to go there > and then press ENTER.

  Try a restore of the system once, to choose a Restore Point prior to your problem...

  Click Start > programs > Accessories > system tools > system restore > choose another time > next > etc.

  http://www.windowsvistauserguide.com/system_restore.htm

  Read the above for a very good graph shows how backward more than 5 days in the System Restore Points by checking the correct box.

  See you soon.

  Mick Murphy - Microsoft partner

• I have a cc has photoshop & lightroom, but can not access the mobile app for my ipad, I get a free 30-day trial?

  I have a cc has photoshop & lightroom, but can not access the mobile app for my ipad, I get a free 30-day trial?

  Hi Michael,

  Please try the below mentioned steps to activate Mobile with Lightroom.

  • Kindly sign out and sign back into creative cloud on your machine: https://helpx.adobe.com/creative-cloud/kb/sign-in-out-creative-cloud-desktop-app.html
  • Please also synchronize lightroom desktop and mobile with the steps mentioned in the link: using Adobe Photoshop Lightroom | Lightroom - computer desktop and sync Mobile app

  Thank you

  Atul Saini

• Client VPN connects but not internal LAN access or Ping

  Hi all.

  I'm new on this forum and kindly asking for your help because I'm stuck.

  I have an ADSL router cisco 877 which I configured easy VPN server.
  Now the Cisco VPN client ver 5.0 to connect successfully to the VPN server, but when you try to access/ping computers on the internal network, there is no response.

  The configuration is below. Please let know us where I was going or what I missed.
  [code]

  Building configuration...

  Current configuration: 4574 bytes
  !
  version 12.4
  no service button
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  encryption password service
  !
  boot-start-marker
  boot-end-marker
  !
  enable secret 5 $1$ $86dn J8HrK9kCQ8G9aPAm6xe4o1
  enable password 7 13151601181B54382F
  !
  AAA new-model
  !
  !
  AAA authentication login default local
  AAA authentication login internal_affairs_vpn_1 local
  AAA authorization exec default local
  AAA authorization internal_affairs_vpn_group_1 LAN
  !
  !
  AAA - the id of the joint session
  !
  Crypto pki trustpoint TP-self-signed-2122144568
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 2122144568
  revocation checking no
  rsakeypair TP-self-signed-2122144568
  !
  !
  TP-self-signed-2122144568 crypto pki certificate chain
  self-signed certificate 03
  30820248 308201B 1 A0030201 02020103 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 32313232 31343435 6174652D 3638301E 170 3032 30333032 32303537
  31375A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 32 31323231 65642D
  34343536 3830819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8100D3EA 07EC5D66 F4DD8ACC 5540BDBE 009B3C26 598EC99C D99D935A 51292F96
  F495E5A9 8D012B0E 73EA7639 3B 586799 187993F5 ED9CA31C 788756DD 6BDB1B2B
  4D7AA7F0 B07CF82F F2A29E86 E18B442C 550E22D2 E92D9914 105B7D59 253BBEA1
  D84636B4 A4B4B300 7946CE84 E9A63D2E 7789B03A 6ADDB04E B21EC207 CCFEAE0B
  30 HAS A 50203 010001, 3 1 130101 301B 0603 030101FF FF040530 0F060355 70306E30
  551 1104 14301282 10494E54 45524E41 4C5F4146 46414952 53301F06 03551D 23
  04183016 8014FA0F B3C9C651 7FD91EFA 3F63EAE8 6C83C80D 8AE2301D 0603551D
  0E041604 14FA0FB3 C9C6517F D91EFA3F 63EAE86C 83C80D8A E2300D06 092A 8648
  86F70D01 01040500 03818100 A1026DDC C91CAEB2 3C62AF92 D6B25EB2 CA 950, 920
  313BCF26 4A35B039 A4F806A0 8CB54D11 6AF1ABAA A770604B 4403F345 0351361B
  E2CF2950 26974F4A 95951862 401A4F76 C816590C 2FFCB115 9A8B3E96 4373FFE1
  33D744F7 E0FDDE61 B5B48497 9516C3C6 A3157957 C621668E A83B5E33 2420F962
  9142DD9E B6E9D74A 899A 9653
  quit smoking
  dot11 syslog
  IP cef
  No dhcp use connected vrf ip
  DHCP excluded-address IP 10.10.10.1
  !
  IP dhcp pool dhcplan
  Network 10.0.0.0 255.0.0.0
  DNS-server 196.0.50.50 81.199.21.94
  default router 10.10.10.1
  Rental 7
  !
  !
  property intellectual auth-proxy max-nodata-& 3
  property intellectual admission max-nodata-& 3
  name of the IP-server 81.199.21.94
  !
  !
  !
  VPN username password 7 095A5E07
  username fred privilege 15 password 7 1411000E08
  username ciscovpn password 7 01100F175804101F2F
  !
  !
  crypto ISAKMP policy 1
  BA 3des
  preshared authentication
  Group 2
  !
  ISAKMP crypto client configuration group internal_affairs_vpn
  key *.
  DNS 196.0.50.50 81.199.21.94
  pool ippool
  ACL 108
  !
  !
  Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
  !
  Crypto-map dynamic internal_affairs_DYNMAP_1 10
  Set transform-set RIGHT
  market arriere-route
  !
  !
  card crypto client internal_affairs_CMAP_1 of authentication list internal_affairs_vpn
  card crypto isakmp authorization list internal_affairs_vpn_group_1 internal_affairs_CMAP_1
  client configuration address card crypto internal_affairs_CMAP_1 answer
  ipsec 10-isakmp crypto map internal_affairs_CMAP_1 Dynamics internal_affairs_DYNMAP_1
  !
  Archives
  The config log
  hidekeys
  !
  !
  !
  Bridge IRB
  !
  !
  interface Loopback0
  2.2.2.2 the IP 255.255.255.255
  !
  ATM0 interface
  no ip address
  ATM vc-per-vp 512
  No atm ilmi-keepalive
  PVC 0/32
  aal5snap encapsulation
  Protocol ip inarp
  !
  DSL-automatic operation mode
  Bridge-Group 1
  !
  interface FastEthernet0
  !
  interface FastEthernet1
  !
  interface FastEthernet2
  !
  interface FastEthernet3
  !
  interface Vlan1
  description of the local lan interface
  IP 10.10.10.1 255.0.0.0
  IP nat inside
  IP virtual-reassembly
  !
  interface BVI1
  internet interface Description
  IP 197.0.4.174 255.255.255.252
  NAT outside IP
  IP virtual-reassembly
  internal_affairs_CMAP_1 card crypto
  !
  IP local pool ippool 192.168.192.1 192.168.192.200
  IP forward-Protocol ND
  IP route 0.0.0.0 0.0.0.0 196.0.4.173
  !
  IP http server
  local IP http authentication
  IP http secure server
  IP nat inside source list interface BVI1 NAT overload
  IP nat inside source static tcp 2.2.2.2 23 23 BVI1 interface
  !
  NAT extended IP access list
  allow an ip
  !
  access-list 108 allow ip 10.0.0.0 0.255.255.255 192.168.192.0 0.0.0.255
  !
  !
  !
  control plan
  !
  Bridge Protocol ieee 1
  1 channel ip bridge
  !
  Line con 0
  password 7 0216054818115F3348
  no activation of the modem
  line to 0
  line vty 0 4
  password 7 06160E325F59590B01
  !
  max-task-time 5000 Planner
  end

  Since this is a named ACL, you need to change ACL configuration mode:

  NAT extended IP access list

  Then, make the changes.

  Federico.

• ASA 5505 IPSEC VPN connected but cannot access the local network

  ASA: 8.2.5

  ASDM: 6.4.5

  LAN: 10.1.0.0/22

  Pool VPN: 172.16.10.0/24

  Hi, we purcahsed a new ASA 5505 and try to configure IPSEC VPN via ASDM; I simply run the wizards, installation vpnpool, split tunnelling, etc.

  I can connect to the ASA using the cisco VPN client and internet works fine on the local PC, but it can not access the local network (can not impossible. ping remote desktop). I tried the same thing on our Production ASA(those have both Remote VPN and Site-to-site VPN working), the new profile, I created worked very well.

  Here is my setup, wrong set up anything?

  ASA Version 8.2 (5)

  !

  hostname asatest

  domain XXX.com

  activate 8Fw1QFqthX2n4uD3 encrypted password

  g9NiG6oUPjkYrHNt encrypted passwd

  names of

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 10.1.1.253 255.255.252.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  address IP XXX.XXX.XXX.XXX 255.255.255.240

  !

  passive FTP mode

  clock timezone PST - 8

  clock summer-time recurring PDT

  DNS server-group DefaultDNS

  domain vff.com

  vpntest_splitTunnelAcl list standard access allowed 10.1.0.0 255.255.252.0

  access extensive list ip 10.1.0.0 inside_nat0_outbound allow 255.255.252.0 172.16.10.0 255.255.255.0

  pager lines 24

  Enable logging

  timestamp of the record

  logging trap warnings

  asdm of logging of information

  logging - the id of the device hostname

  host of logging inside the 10.1.1.230

  Within 1500 MTU

  Outside 1500 MTU

  IP local pool 172.16.10.1 - 172.16.10.254 mask 255.255.255.0 vpnpool

  no failover

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 1 0.0.0.0 0.0.0.0

  Route outside 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  AAA-server protocol nt AD

  AAA-server host 10.1.1.108 AD (inside)

  NT-auth-domain controller 10.1.1.108

  Enable http server

  http 10.1.0.0 255.255.252.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH 10.1.0.0 255.255.252.0 inside

  SSH timeout 20

  Console timeout 0

  dhcpd outside auto_config

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  internal group vpntest strategy

  Group vpntest policy attributes

  value of 10.1.1.108 WINS server

  Server DNS 10.1.1.108 value

  Protocol-tunnel-VPN IPSec l2tp ipsec

  disable the password-storage

  disable the IP-comp

  Re-xauth disable

  disable the PFS

  IPSec-udp disable

  IPSec-udp-port 10000

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list vpntest_splitTunnelAcl

  value by default-domain XXX.com

  disable the split-tunnel-all dns

  Dungeon-client-config backup servers

  the address value vpnpool pools

  admin WeiepwREwT66BhE9 encrypted privilege 15 password username

  username user5 encrypted password privilege 5 yIWniWfceAUz1sUb

  the encrypted password privilege 3 umNHhJnO7McrLxNQ util_3 username

  tunnel-group vpntest type remote access

  tunnel-group vpntest General attributes

  address vpnpool pool

  authentication-server-group AD

  authentication-server-group (inside) AD

  Group Policy - by default-vpntest

  band-Kingdom

  vpntest group tunnel ipsec-attributes

  pre-shared-key BEKey123456

  NOCHECK Peer-id-validate

  !

  !

  privilege level 3 mode exec cmd command perfmon

  privilege level 3 mode exec cmd ping command

  mode privileged exec command cmd level 3

  logging of the privilege level 3 mode exec cmd commands

  privilege level 3 exec command failover mode cmd

  privilege level 3 mode exec command packet cmd - draw

  privilege show import at the level 5 exec mode command

  privilege level 5 see fashion exec running-config command

  order of privilege show level 3 exec mode reload

  privilege level 3 exec mode control fashion show

  privilege see the level 3 exec firewall command mode

  privilege see the level 3 exec mode command ASP.

  processor mode privileged exec command to see the level 3

  privilege command shell see the level 3 exec mode

  privilege show level 3 exec command clock mode

  privilege exec mode level 3 dns-hosts command show

  privilege see the level 3 exec command access-list mode

  logging of orders privilege see the level 3 exec mode

  privilege, level 3 see the exec command mode vlan

  privilege show level 3 exec command ip mode

  privilege, level 3 see fashion exec command ipv6

  privilege, level 3 see the exec command failover mode

  privilege, level 3 see fashion exec command asdm

  exec mode privilege see the level 3 command arp

  command routing privilege see the level 3 exec mode

  privilege, level 3 see fashion exec command ospf

  privilege, level 3 see the exec command in aaa-server mode

  AAA mode privileged exec command to see the level 3

  privilege, level 3 see fashion exec command eigrp

  privilege see the level 3 exec mode command crypto

  privilege, level 3 see fashion exec command vpn-sessiondb

  privilege level 3 exec mode command ssh show

  privilege, level 3 see fashion exec command dhcpd

  privilege, level 3 see the vpnclient command exec mode

  privilege, level 3 see fashion exec command vpn

  privilege level see the 3 blocks from exec mode command

  privilege, level 3 see fashion exec command wccp

  privilege see the level 3 exec command mode dynamic filters

  privilege, level 3 see the exec command in webvpn mode

  privilege control module see the level 3 exec mode

  privilege, level 3 see fashion exec command uauth

  privilege see the level 3 exec command compression mode

  level 3 for the show privilege mode configure the command interface

  level 3 for the show privilege mode set clock command

  level 3 for the show privilege mode configure the access-list command

  level 3 for the show privilege mode set up the registration of the order

  level 3 for the show privilege mode configure ip command

  level 3 for the show privilege mode configure command failover

  level 5 mode see the privilege set up command asdm

  level 3 for the show privilege mode configure arp command

  level 3 for the show privilege mode configure the command routing

  level 3 for the show privilege mode configure aaa-order server

  level mode 3 privilege see the command configure aaa

  level 3 for the show privilege mode configure command crypto

  level 3 for the show privilege mode configure ssh command

  level 3 for the show privilege mode configure command dhcpd

  level 5 mode see the privilege set privilege to command

  privilege level clear 3 mode exec command dns host

  logging of the privilege clear level 3 exec mode commands

  clear level 3 arp command mode privileged exec

  AAA-server of privilege clear level 3 exec mode command

  privilege clear level 3 exec mode command crypto

  privilege clear level 3 exec command mode dynamic filters

  level 3 for the privilege cmd mode configure command failover

  clear level 3 privilege mode set the logging of command

  privilege mode clear level 3 Configure arp command

  clear level 3 privilege mode configure command crypto

  clear level 3 privilege mode configure aaa-order server

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:447bbbc60fc01e9f83b32b1e0304c6b4

  : end

  Captures we can see packets going from the pool to the internal LAN, but we do not reply back packages.

  The routing must be such that for 172.16.10.0/24 packages should reach the inside interface of the ASA.

  On client machines or your internal LAN switch, you need to add route for 172.16.10.0/24 pointing to the inside interface of the ASA.

• VPN connects but cannot ping or access resources

  I hope this is an easy fix and it's something that I am missing.  I've been looking at this for several hours.

  Scenario:

  I Anyconnect Essentials so I use the SSL connection

  I changed my domain name and external IP in my setup, I write.

  My VPN connection seems to work very well.  In fact, I was able to connect to 3 locations with 3 different external IP address.

  1 location, I get IP address 192.168.30.10, as it should.  I can ping 192.168.1.1, but not the 192.168.1.6 which is my temporary resource, the firewall is disabled on 192.168.1.6.

  2 location, I get an IP of 192.168.30.11, as it should.  I was able to ping 192.168.30.10, could not sue 192.168.1.1 as the place closed.

  Any help would be appreciated, it's getting late so I hope I gave enough details.  I feel so close but yet so far.

  See the ciscoasa # running

  : Saved

  :

  ASA Version 8.2 (1)

  !

  ciscoasa hostname

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP 22.22.22.246 255.255.255.252

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  passive FTP mode

  clock timezone CST - 6

  clock to summer time recurring CDT

  DNS lookup field inside

  DNS domain-lookup outside

  permit same-security-traffic inter-interface

  permit same-security-traffic intra-interface

  ICMP-type of object-group ALLOWPING

  echo ICMP-object

  ICMP-object has exceeded the time

  response to echo ICMP-object

  Object-ICMP traceroute

  Object-ICMP source-quench

  ICMP-unreachable object

  access-list 10 scope ip allow a whole

  10 extended access-list allow icmp a whole

  pager lines 24

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  mask 192.168.30.10 - 192.168.30.25 255.255.255.0 IP local pool SSLClientPoolNew

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 1 192.168.1.0 255.255.255.0

  Route outside 0.0.0.0 0.0.0.0 22.22.22.245 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  network-acl 10

  WebVPN

  SVC request no svc default

  AAA authentication LOCAL telnet console

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  Telnet 0.0.0.0 0.0.0.0 inside

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  management-access inside

  dhcpd dns 8.8.8.8

  dhcpd outside auto_config

  !

  dhcpd address 192.168.1.5 - 192.168.1.36 inside

  dhcpd allow inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  allow inside

  allow outside

  AnyConnect essentials

  SVC disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 image

  SVC disk0:/anyconnect-win-2.5.2014-k9.pkg 2 image

  enable SVC

  tunnel-group-list activate

  internal SSLClientPolicy group strategy

  attributes of Group Policy SSLClientPolicy

  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

  field default value mondomaine.fr

  the address value SSLClientPoolNew pools

  WebVPN

  SVC Dungeon-Installer installed

  time to generate a new key of SVC 180

  SVC generate a new method ssl key

  SVC value vpngina modules

  attributes of Group Policy DfltGrpPolicy

  VPN-tunnel-Protocol webvpn

  username test encrypted password privilege 15 xxxxxxxxxxxxxx

  username ljb1 password encrypted xxxxxxxxxxxxxx

  type tunnel-group SSLClientProfile remote access

  attributes global-tunnel-group SSLClientProfile

  Group Policy - by default-SSLClientPolicy

  tunnel-group SSLClientProfile webvpn-attributes

  enable SSLVPNClient group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  Policy-map global_policy

  class inspection_default

  inspect the icmp

  !

  global service-policy global_policy

  context of prompt hostname

  Cryptochecksum:ed683c7f1b86066d1d8c4fff6b08c592

  : end

  Patrick,

  'Re missing you the excemption NAT. Please add the following and try again:

  access-list allowed sheep ip 192.168.1.0 255.255.255.0 192.168.30.0 255.255.255.0

  NAT (inside) 0 access-list sheep

  Let us know if you still have problems after that.

  Raga

• AnyConnect VPN connected but not in LAN access

  Hello

  I just connfigured an ASA to remote VPN. I think everything works but I do not have access

  for customers in the Local LAN behind the ASA.

  PC <==internet==>outside of the SAA inside<=LAN=> PC

  After AnyConnect has established the connection I can ping inside the Interface of the ASA

  but I can't Ping the PC behind the inside Interface.

  Here is the config of the ASA5505:

  : Saved

  :

  ASA Version 8.2 (1)

  !

  asa5505 hostname

  activate 8Ry2YjIyt7RRXU24 encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP 192.168.178.254 255.255.255.0

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  Shutdown

  !

  interface Ethernet0/3

  Shutdown

  !

  interface Ethernet0/4

  Shutdown

  !

  interface Ethernet0/5

  Shutdown

  !

  interface Ethernet0/6

  Shutdown

  !

  interface Ethernet0/7

  Shutdown

  !

  passive FTP mode

  Inside_ICMP list extended access permit icmp any any echo response

  Inside_ICMP list extended access permit icmp any any source-quench

  Inside_ICMP list extended access allow all unreachable icmp

  Inside_ICMP list extended access permit icmp any one time exceed

  access-list outside_cryptomap_2 note ACL traffic von ASA5505 zur ASA5510

  outside_cryptomap_2 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.0

  no_NAT to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.10.0 255.255.255.0

  no_NAT to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.178.0 255.255.255.0

  tunnel of splitting allowed access list standard 192.168.1.0 255.255.255.0

  pager lines 24

  Within 1500 MTU

  Outside 1500 MTU

  mask 192.168.1.10 - 192.168.1.15 255.255.255.0 IP local pool SSLClientPool

  ICMP unreachable rate-limit 1 burst-size 1

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access no_NAT

  NAT (inside) 1 192.168.1.0 255.255.255.0

  Access-group Inside_ICMP in interface outside

  Route outside 0.0.0.0 0.0.0.0 192.168.178.1 1

  Route outside 192.168.10.0 255.255.255.0 192.168.178.230 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  AAA authentication http LOCAL console

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set-3DESSHA FRA esp-3des esp-sha-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  card crypto outside_map 2 match address outside_cryptomap_2

  peer set card crypto outside_map 2 192.168.178.230

  card crypto outside_map 2 game of transformation-FRA-3DESSHA

  outside_map interface card crypto outside

  Crypto ca trustpoint localtrust

  registration auto

  domain name full cisco - asa5505.fritz.box

  name of the object CN = cisco - asa5505.fritz.box

  sslvpnkeypair key pair

  Configure CRL

  Crypto ca certificate chain localtrust

  certificate fa647850

  3082020b a0030201 30820174 020204fa 0d06092a 64785030 864886f7 0d 010104

  0500304 06035504 03131763 6973636f 617361 35353035 2e667269 2d 3120301e a

  747a2e62 6f783126 30240609 2a 864886 f70d0109 02161763 6973636f 2d 617361

  2e667269 35353035 747a2e62 6f78301e 170d 3132 31303132 31383434 31305a 17

  323231 30313031 38343431 06035504 03131763 6973636f 3120301e 305a304a 0d

  617361 35353035 2e667269 747a2e62 6f783126 2a 864886 30240609 f70d0109 2D

  6973636f 02161763 2d 617361 35353035 2e667269 747a2e62 6f783081 9f300d06

  d6279e1c 8181009f 092a 8648 86f70d01 01010500 03818d 30818902 00 38454fc 9

  705e1e58 762edc35 e64262fb ee55f47b 8d62dda2 102c8a22 c97e395f 2a9c0ebb

  f2881528 beb6e9c3 89d91dda f7fe77a4 2a1fda55 f8d930b8 3310a05f 622dfc8f

  d48ea749 7bbc4520 68 has 06392 d65d3b87 0270e41b 512a4e89 94e60167 e2fa854a

  87ec04fa e95df04f 3ff3336e c7437e30 ffbd90b5 47308502 03010001 300 d 0609

  2a 864886 04050003 81810065 cc9e6414 3c322d1d b191983c 97b474a8 f70d0101

  2e5c7774 9d54d3ec fc4ee92d c72eef27 a79ce95a da83424f b05721c0 9119e7ea

  c5431998 e6cd8272 de17b5ff 5b1839b5 795fb2a0 2d10b479 056478fa 041555dd

  bfe3960a 4fe596ec de54d58b a5fa187e 5967789a a26872ef a33b73ec 7d7673b9

  c8af6eb0 46425cd 2 765f667d 4022c 6

  quit smoking

  crypto ISAKMP allow outside

  crypto ISAKMP policy 1

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 65535

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  management-access inside

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  localtrust point of trust SSL outdoors

  WebVPN

  allow outside

  SVC disk0:/anyconnect-win-2.3.0254-k9.pkg 1 image

  SVC disk0:/anyconnect-wince-ARMv4I-2.3.0254-k9.pkg 2 image

  enable SVC

  tunnel-group-list activate

  internal SSLClientPolicy group strategy

  attributes of Group Policy SSLClientPolicy

  VPN-tunnel-Protocol svc

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list value split tunnel

  the address value SSLClientPool pools

  WebVPN

  SVC Dungeon-Installer installed

  time to generate a new key of SVC 30

  SVC generate a new method ssl key

  SVC request no svc default

  username password asdm privilege Yvx83jxa2WCRAZ/m number 15

  hajo 2w8CnP1hHKVozsC1 encrypted password username

  hajo attributes username

  type of remote access service

  tunnel-group 192.168.178.230 type ipsec-l2l

  IPSec-attributes tunnel-group 192.168.178.230

  pre-shared-key *.

  type tunnel-group SSLClientProfile remote access

  attributes global-tunnel-group SSLClientProfile

  Group Policy - by default-SSLClientPolicy

  tunnel-group SSLClientProfile webvpn-attributes

  enable SSLVPNClient group-alias

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the netbios

  inspect the rsh

  inspect the rtsp

  inspect the skinny

  inspect esmtp

  inspect sqlnet

  inspect sunrpc

  inspect the tftp

  inspect the sip

  inspect xdmcp

  !

  global service-policy global_policy

  context of prompt hostname

  Cryptochecksum:0008564b545500650840cf27eb06b957

  : end

  What wrong with my setup.

  Concerning

  Hans-Jürgen Guenter

  Hello Hans,.

  You should change your VPN pool to be a different subnet within the network, for example: 192.168.5.0/24

  Then configure NAT exemption for traffic between the Interior and the pool of vpn.

  Based on your current configuration, the following changes:

  mask 192.168.5.10 - 192.168.5.15 255.255.255.0 IP local pool SSLClientPool

  no_NAT to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.0

  And then also to enable icmp inspection:

  Policy-map global_policy

  class inspection_default

  inspect the icmp