Hello, I am hoping to get a quick answer, as I suspect it is in the ACLs somewhere, but I am not versed enough in VPN to know.
My VPN client can connect and get an IP, but after that it cannot ping anything on the inside. Here is the config on the ASA:
ASA Version 7.0(7)
!
hostname asavpn
domain-name some.domain.com
enable password TRPEas6f/aa6JSPL encrypted
names
dns-guard
!
interface GigabitEthernet0/0
 nameif inside
 security-level 0
 ip address 172.16.5.1 255.255.252.0
!
interface GigabitEthernet0/1
 nameif outside
 security-level 0
 ip address 192.168.110.44 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif Management_only
 security-level 100
 ip address 10.2.206.20 255.255.255.0
!
passwd TRPEas6f/aa6JSPL encrypted
ftp mode passive
dns domain-lookup inside
dns domain-lookup outside
dns domain-lookup Management_only
dns name-server 10.1.206.10
dns name-server 10.1.206.22
same-security-traffic permit intra-interface
access-list split standard permit 172.16.4.0 255.255.252.0
access-list nonat extended permit ip 172.16.4.0 255.255.252.0 172.16.20.0 255.255.252.0
pager lines 24
logging enable
logging console informational
logging buffered informational
mtu inside 1500
mtu outside 1500
mtu Management_only 1500
ip local pool VPN_USE_Addresses 172.16.20.3-172.16.23.254 mask 255.255.252.0
no failover
icmp permit any inside
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
route inside 10.0.0.0 255.0.0.0 172.16.4.1 1
route inside 192.168.81.0 255.255.255.0 172.16.4.1 1
route outside 0.0.0.0 0.0.0.0 192.168.110.100 1
route Management_only 10.1.2.0 255.255.255.0 10.2.206.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server VPN protocol radius
aaa-server VPN host 10.1.206.27
 key Pass1234
group-policy vpn1 internal
group-policy vpn1 attributes
 wins-server value 10.1.206.10 10.1.206.22
 dns-server value 10.1.206.10 10.1.206.22
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value some.domain.com
 client-firewall none
 webvpn
http server enable
http 10.1.2.0 255.255.255.0 Management_only
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map VPN 1 set transform-set ESP-3DES-MD5
crypto map VPN 65535 ipsec-isakmp dynamic VPN
crypto map VPN interface outside
isakmp identity address
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 20
tunnel-group vpn1 type ipsec-ra
tunnel-group vpn1 general-attributes
 address-pool VPN_USE_Addresses
 authentication-server-group VPN
 default-group-policy vpn1
tunnel-group vpn1 ipsec-attributes
 pre-shared-key *
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 10.1.2.0 255.255.255.0 Management_only
telnet 10.1.71.143 255.255.255.255 Management_only
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
Cryptochecksum:d45e7fda6aadad53c03abf8390a8861a
: end