Why my VPN clients cannot access network drives and resources?

Similar Questions

• The VPN Clients cannot access any internal address

  Without a doubt need help from an expert on this one...

  Attempting to define a client access on an ASA 5520 VPN that was used only as a

  Firewall so far. The ASA has been recently updated to Version 7.2 (4).

  Problem: Once connected, VPN client cannot access anything whatsoever. Client VPN cannot

  ping any address on internal networks, or even the inside interface of the ASA.

  (I hope) Relevant details:

  (1) the tunnel seems to be upward. Customers are the authenticated by the SAA and

  are able to connect.

  (2) by many other related posts, I ran a ' sh crypto ipsec her "to see the output: it

  appears that the packets are décapsulés and decrypted, but NOT encapsulated or

  encrypted (see the output of "sh crypto ipsec his ' home).

  (3) by the other related posts, we've added commands associated with inversion of NAT (crypto

  ISAKMP nat-traversal 20

  crypto ISAKMP ipsec-over-port tcp 10000). These were in fact absent from our

  Configuration.

  (4) we tried encapsulation TCP and UDP encapsulation with experimental client

  profiles: same result in both cases.

  (5) if I (attempt) ping to an internal IP address of the connected customer, the

  real-time log entries ASA show the installation and dismantling of the ICMP requests to the

  the inner target customer.

  (6) the capture of packets to the internal address (one that we try to do a ping of the)

  VPN client) shows that the ICMP request has been received and answered. (See attachment

  shooting).

  (7) our goal is to create about 10 VPN client of different profiles, each with

  different combinations of access to the internal VLAN or DMZ VLAN. We do not have

  preferences for the type of encryption or method, as long as it is safe and it works: that

  said, do not hesitate to recommend a different approach altogether.

  We have tried everything we can think of, so any help or advice would be greatly

  Sanitized the ASA configuration is also attached.

  appreciated!

  Thank you!

  It should be the last step :)

  on 6509

  IP route 172.16.100.0 255.255.255.0 172.16.20.2

  and ASA

  no road inside 172.16.40.0 255.255.255.0 172.16.20.2

• VPN clients cannot access remote sites - PIX, routing problem?

  I have a problem with routing to remote from our company websites when users connect via their VPN client remotely (i.e. for home workers)

  Our headquarters contains a PIX 515E firewall. A number of remote sites to connect (via ADSL) to head office using IPSEC tunnels, ending the PIX.

  Behind the PIX is a router 7206 with connections to the seat of LANs and connections to a number of ISDN connected remote sites. The default route on 7206 points to the PIX from traffic firewall which sits to ADSL connected remote sites through the PIX. Internal traffic for LAN and ISDN connected sites is done via the 7206.

  Very good and works very well.

  When a user connects remotely using their VPN client (connection is interrupted on the PIX) so that they get an IP address from the pool configured on the PIX and they can access resources located on local networks to the office with no problems.

  However, the problem arises when a remote user wants access to a server located in one of the remote sites ADSL connected - it is impossible to access all these sites.

  On the remote site routers, I configured the access lists to allow access from the pool of IP addresses used by the PIX. But it made no difference. I think that the problem may be the routes configured on the PIX itself, but I don't know what is necessary to solve this problem.

  Does anyone have suggestions on what needs to be done to allow access to remote sites for users connected remotely via VPN?

  (Note: I suggested a workaround, users can use a server on LAN headquarters as a "jump point" to connect to remote servers from there)

  with pix v6, no traffic is allowed to redirect to the same interface.

  for example, a remote user initiates an rdp session for one of the barns adsl. PIX decrypts the packet coming from the external interface and looks at the destination. because the destination is one of adsl sites, pix will have to return traffic to the external interface. Unfortunately, pix v6.x has a limitation that would force the pix to drop the packet.

  with the v7, this restriction has been removed with the "same-security-traffic control intra-interface permits".

  http://www.Cisco.com/en/us/partner/products/HW/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

• Win 7 VPN client cannot access remote resources beyond the VPN server

  I have a Win 7 laptop with work and customer Win 7 VPN set up, and through it that I can access everything allowed resources on the remote network.

  I built a new computer, set up the Win 7 client with the exact same parameters everywhere, connected to the VPN with success, but can not access any of the resources on the remote network that I can on my laptop.

  Win 7 64 bit SP 1

  I did research online and suggestions have already had reason of my new set up.  In addition, I have a second computer that I've set up the VPN client, and I'm having the same problem.  VPN connects successfully, but is unable to access the resources.

  Tested with firewall off the coast.

  Troubleshooting Diagnostic reports: your computer seems to be configured correctly, distance resources detected, but not answered do not.

  I created another VPN client on the new computer to another remote network and everything works perfectly.

  Remember the old VPN connection to the remote network that does not work on the new computer works perfectly on Win 7 64 bit laptop computer.

  So, what do I find also different between identical configurations "should be" where we work and two new machines is not?

  It must be something stupid.

  Hello

  This question is more suited for a TechNet audience. I suggest you send the query to the Microsoft TechNet forum. See the link below to do so:
  https://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w7itpronetworking

  Please let us know if you have more queries on Windows.

• User cannot access network drives.

  Using Anyconnect 2.5 and ASA 5510. When a user connects to the VPN, DNS suffixes change settigs ' Append primary "to"Add these suffixes." (See below)

  The suffix PublicDomain.com is listed as the default domain in group policy. The problem I have is that a particular user can not see the network drives. If I ping the server that drives mapped, I get an audience to an IP address. If I ping server. OfficeComputerDomain.com I have the right internal IP address. So, if I manually change the order and OfficeComputerDomain.com first of all, the user can access without problem network drives. Can I first set up the VPN profile to the OfficeComputerDomain.com list or can I just change the default domain in the group to my internal domain name policy?

  Thank you

  

  Yes, you can change both in the related group policy configuration.

  attributes of group policy
  value by default-field OfficeComputerDomain.com
  Split-dns OfficeComputerDomain.com PublicDomain.com UserHomeDomain.com value

• VPN clients cannot access to the vlan

  Hello

  I just changed my flat lan to a virtual LAN environment multi, but now I need help to get to my VPN back working again as the VPN user can access servers that are not on the vlan 'door '.  I've read enough to know that it is probably associated with NAT, but I'm not sure where to put this information.

  Does go in the NAT, associated with the E0 interface (outgoing internet gateway), to the vlan10 (vlan router is actually on) or can I create a new one and apply it to the crypto ipsec and isakmp side of things that use VPN users?

  My network is configured as such...

  VPN client - Router1811 - split trunk - C3550 - 12G - shared - resources multiple C3550s - servers/Wstns

  The router subnet 192.168.10.0 as all switches, VLAN is set up through the 12 G and all other switches as vtp "vtp clients", including the router.  The user can get to the 10 subnet and any server on it, but not to the"farm" on the subnet 192.168.11.0.

  I noticed Federico has been working on something very similar to this... but any help would be appreciated.

  Thank you, Don

  Hi Don,

  Please mark this discussion as resolved if there is no other problem with this VPN.

  See you soon,.

  Nash.

• Showing in the form of folder icon and cannot access network drive icon

  Hi team,

  The network drive that I drew in my computer using my profile isn't allowing me to access.

  The network drive icon shows as a folder icon and it says access denied even if I have the permissions to access the file on the server.

  The server we use is the exchange Server 2003.

  But I am able to access the files inside the drive using the Option RUN as well as Address bar in my computer.

  And I am able to access the folder on the server without any problem.

  The operating system I use is Windows XP.

  But it worked for someone else, when I deleted a file named autorun.inf in the folder of the shared drive on the server!

  Could you please tell me what is autorun.inf and he really causes this problem in the drive on the server or is there any other reason.

  Thanks in advance for the help.

  Hi Rani Jhansi,

  Your Windows XP question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please post your question in the TechNet Windows Server forum.

  http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer

• The VPN Clients need access to the subnet on another router

  Hello

  We have a pix 515e PIX Version 8.0 (2)

  We have two subnet 10.1.x.x/16 and 10.2.x.x/16

  The firewall is on 10.1.x.x and vpn clients can access this subnet.

  The firewall can ping 10.2.x.y where x is a server in the other subnet.

  On the 10.2.x.x customers out the firewall.

  The problem is that vpn clients cannot access the server of 10.2.x.y even if the pix can ping 10.2.x.y and the road for him.

  What I need to check that the vpn rules are correct in the pix 515e?

  I think it is a rule of exemption nat or something like that not exactly sure.

  Everything would be a great help.

  Thank you

  Hello

  For clients VPN access to these subnets, check the following:

  1 NAT exemption include these subnets (if not using NAT)... it's the NAT0 ACL command

  2. these subnets is included in the split tunneling

  3. these subnets have a route to the PIX to send traffic to the VPN client pool.

  4. There are no ACLs not applied to the inside interface of the PIX deny this communication.

  Federico.

• Domain user on the laptop cannot access network folders

  I have a user who has a laptop with Windows 7 Pro.  The laptop is on the field.  A week ago, some of its readers mapped network disappeared from his window of the computer - they have been set up with a logon script.  When I tried remap readers, I got an error that the readers were already mapped with other identification information.

  I tried to use wired and wireless and disabling NetBIOS.  I tried to sign up with my own account, and after that my profile has been created I was able to access network drives without any problems, that tells me that this isn't a hardware problem.

  I took a look in C:\Users and found 2 records for his profile, one named [username], another named [username]. [domain].  The [user name]. There is a padlock icon that tells me that it is the account currently being logged record [field].  However, records (e.g. office) are all empty, so it is somehow redirecting to the files under the profile of [username].  I backed up and deleted the registry key for its profile and restarted the computer, but this only created a NEW temporary folder called [username]. [domain]. 000.

  Short to save all files in [user_name] and suppression of all profiles or do a clean install of Windows is there anything else I can try?

  When I tried remap readers, I got an error that the readers were already mapped with other identification information.

  -> The command console

  net use

  tell you what actions are mapped. And the console command

  NET use * / del

  Removes all existing connections to share.

  I tried to use wired and wireless and disabling NetBIOS.

  -> Ping your server would immediately you tell if you have network connectivity.

  The [user name]. There is a padlock icon that tells me that it is the account currently being logged record [field].

  -> How to lock that only takes into account with administrator privileges have access to this folder.

  I backed up and deleted the registry key for its profile and restarted the computer, but this only created a NEW temporary folder called [username]. [domain]. 000.

  ->, You can force Windows to use a given profile folder manually by setting the name of the folder here:

  HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S...\ProfileImagePath

  Search for the incorrect path name (. domain.000 [username]), and then change the path.

  Your questions are indeed more suited for a TechNet forum.

• Can not access network drives after installation of Windows 8 Pro

  Hi all

  I have a concern with a PC in Windows 8.

  I am rebuilding a new laptop for a user. Successfully, I added to the domain and assigned privileges for the user. When I try to log on to the PC with the new user account, I can not access network drives. When I log in with my account, I am able to access the network without problem drives.

  When I'm on the user account I can see the other computers on the network as well. But for some reason I can't access network drives. Other computers on the domain are running Windows 7 Professional.Can someone help me with this?

  Thank you

  Hello

  As you are on a domain, I suggest you to post your query in the TechNet forum.

  http://social.technet.Microsoft.com/forums/en-us/w8itpronetworking/threads

  I hope this helps.

• 0X803C0107 error: you cannot access shared files and printers and the MSE does not start at startup

  Original title: mainly MSE does not start at startup. have you tried re-loading and other elements on the card, still no luck. Here is the error code I have and the information complete.

  Remember - this is a public forum so never post private information such as numbers of mail or telephone!

  Ideas:

  • Error 0X803C0107

    Details of the editor for Windows Firewall troubleshooting

    Verified issues

    You cannot access shared files and PrintersYou cannot access shared files and printers

    You can't access shared folders or printers on a computer on which Windows Firewall is enabled. This happens when the Windows Firewall blocks traffic entering via the UDP ports 137 and 138 and the ports TCP 139 and 445. Checked

    No workingRemote Assistance remote assistance does not

    When you use Windows Help and Support, remote support available to offer assistance to a computer, you receive the error message "the remote server computer does not exist or is unavailable", even if Remote Assistance and file sharing and printing are activated. Windows Firewall may be blocking Remote Assistance. Checked

    Windows Vista may not start Windows Vista FirewallWindows could not start the Windows Firewall

    On a computer that is running Windows Vista, you find that the Windows Firewall service is not running. When you try to manually start the service, you get "Windows didn't start the Windows Firewall on the Local computer." For more information, see the system event log. If it is a non-Microsoft service, contact the service vendor and refer to service particular 5 error code. "error message. This can occur if the 'MpsSvc' account does not have the necessary permissions for the registry keys concerned. Checked

    Windows Firewall service is not his firewall service is not started

    Windows Firewall service is not running or is not started. Checked

    Issues checked the details of the detection

    6 you cannot access shared files and printers checked

    You can't access shared folders or printers on a computer on which Windows Firewall is enabled. This happens when the Windows Firewall blocks traffic entering via the UDP ports 137 and 138 and the ports TCP 139 and 445.

    Unlock the file and printer sharing in Windows Firewall works not

    To allow access to shared folders and printers, except for the file sharing and printers in the Windows Firewall must be enabled.

    6 remote assistance works not verified

    When you use Windows Help and Support, remote support available to offer assistance to a computer, you receive the error message "the remote server computer does not exist or is unavailable", even if Remote Assistance and file sharing and printing are activated. Windows Firewall may be blocking Remote Assistance.

    Allow Remote Assistance in Windows not running Firewall

    Which allows Assistance remotely as an exception in Windows Firewall it unlocks and corrects this problem.

    6 Windows Vista could not start Windows Firewall check

    On a computer that is running Windows Vista, you find that the Windows Firewall service is not running. When you try to manually start the service, you get "Windows didn't start the Windows Firewall on the Local computer." For more information, see the system event log. If it is a non-Microsoft service, contact the service vendor and refer to service particular 5 error code. "error message. This can occur if the 'MpsSvc' account does not have the necessary permissions for the registry keys concerned.

    Set permissions for the registry keys concerned not run

    Setting permissions for the registry keys concerned will solve this problem. Applies only to computers by using Group Policy to manage the firewall.

  6 Windows Firewall service did not start Checked

  Windows Firewall service is not running or is not started.

  Start the Windows Firewall service is not running

  Start the Windows Firewall service solves this problem.

  Details of detection

  Collection information

  Computer name: NORMBRESINSKI

  Windows Version: 5.1

  Architecture: x 86

  Time: 09-20-2010 07:51:49

  Publisher details

  Troubleshooting Windows Firewall

  Automatically fix problems of Windows Firewall, such as Windows cannot start the firewall service (0x5) Windows or Windows remote assistance does not work

  Package Version: 1.0

  Publisher: Microsoft Corporation

  You have problems with programs

• Error messages
• Recent changes to your computer
• What you have already tried to solve the problem

Hi Rickbsk,

You can check out the link and check the suggestions provided by scotty1294.

http://social.answers.Microsoft.com/forums/en-us/msestart/thread/05a63b12-1be9-4BD3-898e-64674c1e9afd

If you have not tried all the suggestions above, try and see if it helps.

Hope this information is useful.

Jeremy K
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you think.

If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.

• is it possible to use a desktip mail client to access your mail and are there fees

  Is it possible to use a desktop e-mail client ot access your email and are there fees

  Yes, it is possible there are there a some different free clients. There are also paid for both clients (MS Outlook for example).

  I hope this helps.

• Cannot access to roles and features (Server Manager)

  Cannot access to roles and features (Server Manager).
  Server Terminal server runs on Windows 2008 R2.
  I have an error (0 x 80080005 (CO_E_SERVER_EXEC_FAILURE)).
  c:\Windows\System32\ServerManager\Cache directory is empty.
  EventLog error EVENT 1000 ID Watch:
  Name of the failing application: TrustedInstaller.exe, version: 6.1.7601.17514, time stamp: 0x4ce7989b
  Name of the failed module: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
  Exception code: 0 x 40000015
  Offset: 0x000000000002a84e
  ID of the process failed: 0 x 2230
  Start time of application vulnerabilities: 0x01cd507bac023aca
  The failing application path: C:\Windows\servicing\TrustedInstaller.exe
  Path of the failing module: C:\Windows\system32\msvcrt.dll
  Report ID: e9bab27e-bc6e-11e1-a34e-000c29dc7c68
  -Program and features show installed updates. (The server is updated when you run a Windows Update)
  I've done so far:
  -Uninstall Symantec Endpoint Protection
  -Restart on the 2008 media to replace C:\Windows\winsxs\pending.xml
  -Ran that the System Update Readiness Tool for Windows 2008 R2 and no errors are reported on CheckSUR.log and CheckSUR.persist.log
  -A ran a free registry Cleanner
  What should we consider?
  Thank you

  Hello

  Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please ask your question in the following forum.

  Windows Server 2008 R2 General:

  http://social.technet.Microsoft.com/forums/en-us/winservergen/threads

  Concerning

• Cannot access network resources - Cisco VPN client

  Please see attached the network topology.

  I can connect using the Cisco VPN client and access to all resources of the 192.168.3.0 network

  I can't ping / access to all hosts on the network 192.168.5.0.

  Any ideas?

  Thanks for the help in advance

  AD

  Quite correct.

  Please add has the access list:

  CPA list standard access allowed 192.168.5.0 255.255.255.0

• ASA 5505 VPN established, cannot access inside the network

  Hi, I recently got an ASA 5505, and I spent weeks to find a way to set up a VPN on it.

  After a few days, I finally found the solution to connect to my ASA with a VPN client yet and cannot access devices that are connected to the ASA.

  Here is my config:

  ASA Version 8.2 (5)
  !
  hostname asa01
  domain kevinasa01.net
  activate 8Ry2YjIyt7RRXU24 encrypted password
  2KFQnbNIdI.2KYOU encrypted passwd
  names of
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  switchport access vlan 5
  !
  interface Ethernet0/4
  !
  interface Ethernet0/5
  !
  interface Ethernet0/6
  !
  interface Ethernet0/7
  !
  interface Vlan1
  nameif inside
  security-level 100
  IP 192.168.1.1 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  IP address dhcp setroute
  !
  interface Vlan5
  No nameif
  security-level 50
  IP 172.16.1.1 255.255.255.0
  !
  passive FTP mode
  DNS server-group DefaultDNS
  domain kevinasa01.net
  permit same-security-traffic intra-interface
  Remote_Kevin_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
  inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.254.0 255.255.255.240
  inside_nat0_outbound list of allowed ip extended access all 192.168.254.0 255.255.255.0
  inside_nat0_outbound list of allowed ip extended access entire 192.168.1.0 255.255.255.0
  sheep - in extended Access-list allow IP 192.168.254.0 255.255.255.0 192.168.1.0 255.255.255.0
  access extensive list ip 192.168.254.0 outside_access_in allow 255.255.255.0 any
  access extensive list ip 192.168.254.0 inside_access_in allow 255.255.255.0 any
  pager lines 24
  asdm of logging of information
  Outside 1500 MTU
  Within 1500 MTU
  pool pool 192.168.254.1 - 192.168.254.10 255.255.255.0 IP mask
  ICMP unreachable rate-limit 1 burst-size 1
  don't allow no asdm history
  ARP timeout 14400
  Global 1 interface (outside)
  NAT (outside) 1 192.168.254.0 255.255.255.0
  NAT (inside) 0 access-list sheep - in
  NAT (inside) 1 192.168.1.0 255.255.255.0
  NAT (inside) 1 0.0.0.0 0.0.0.0
  Access-group outside_access_in in interface outside
  Timeout xlate 03:00
  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  Floating conn timeout 0:00:00
  dynamic-access-policy-registration DfltAccessPolicy
  Enable http server
  http 192.168.1.0 255.255.255.0 inside
  No snmp server location
  No snmp Server contact
  Server enable SNMP traps snmp authentication linkup, linkdown cold start
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
  life crypto ipsec security association seconds 28800
  Crypto ipsec kilobytes of life - safety 4608000 association
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
  outside_map interface card crypto outside
  crypto ISAKMP allow outside
  crypto ISAKMP policy 10
  preshared authentication
  3des encryption
  sha hash
  Group 2
  life 86400
  Telnet timeout 5
  SSH timeout 5
  Console timeout 0
  management-access inside
  dhcpd outside auto_config
  !
  dhcpd address 192.168.1.5 - 192.168.1.36 inside
  dhcpd allow inside
  !

  a basic threat threat detection
  Statistics-list of access threat detection
  no statistical threat detection tcp-interception
  WebVPN
  internal Remote_Kevin group strategy
  attributes of Group Policy Remote_Kevin
  value of server DNS 192.168.1.12 192.168.1.13
  VPN - connections 3
  Protocol-tunnel-VPN IPSec
  Split-tunnel-policy tunnelspecified
  value of Split-tunnel-network-list Remote_Kevin_splitTunnelAcl
  kevinasa01.NET value by default-field
  username kevin mz6JxJib/sQqvsw9 password encrypted privilege 0
  username kevin attributes
  VPN-group-policy Remote_Kevin
  type tunnel-group Remote_Kevin remote access
  attributes global-tunnel-group Remote_Kevin
  address-pool
  Group Policy - by default-Remote_Kevin
  IPSec-attributes tunnel-group Remote_Kevin
  pre-shared key *.
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  type of policy-card inspect dns preset_dns_map
  parameters
  maximum message length automatic of customer
  message-length maximum 512
  Policy-map global_policy
  class inspection_default
  inspect the preset_dns_map dns
  inspect the ftp
  inspect h323 h225
  inspect the h323 ras
  inspect the rsh
  inspect the rtsp
  inspect esmtp
  inspect sqlnet
  inspect the skinny
  inspect sunrpc
  inspect xdmcp
  inspect the sip
  inspect the netbios
  inspect the tftp
  Review the ip options
  inspect the icmp
  inspect the icmp error
  !
  global service-policy global_policy
  context of prompt hostname
  no remote anonymous reporting call
  Cryptochecksum:2bb1da52d1993eb9b13c2f6dc97c16cd
  : end

  Thank you

  Hello

  I read your message quickly through my cell phone. I don't know why you have spent your config twice. Maybe a typo issue.

  I see the acl sheep in the wrong way. I mean 192.168.254 are your pool VPN and 192.168.1.0 your local LAN.

  The acl must be:

  sheep - in extended access-list permit ip 192.168.1.0 255.255.255.0 192.168.254.0 255.255.255.0

  For nat (inside), you have 2 lines:

  NAT (inside) 1 192.168.1.0 255.255.255.0 ==> it is redundant as the 1 below does the same thing with more networks if there is inside side. You can delete it.
  NAT (inside) 1 0.0.0.0 0.0.0.0

  Why are you doing this nat (outside)?

  NAT (outside) 1 192.168.254.0 255.255.255.0

  Here are the first questions that I have seen by reading through my mobile. Let's change this and let me know. I'll take a look later with a computer (tonight or tomorrow)

  Thank you.

  PS: Please do not forget to rate and score as good response if this solves your problem.