I set up a Cisco ASA 5505 for remote access, and a point to point to a colocation facility. Recently local lan access was not working so I configured the split tunnel access list. Local Lan access now works but when connected to the vpn I still cannot ping anything on the opposite side of the tunnel. I could never ping anything on the other side. Can anyone look at my config and tell me what I have configured wrong? The main office is using 192.168.10.x. The VPN dhcp pool
192.168.11.x. The co-location facility uses 192.168.4.x. here is my config. Thanks in advance:Result of the command: "show running-config"
: Saved : ASA Version 7.2(3) ! hostname CompanyX domain-name DOMAIN.COM enable password 69YOKWVnTsvFTsnn encrypted names ! interface Vlan1 nameif inside security-level 100 ip address 192.168.10.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address 64.x.x.x 255.255.255.0 ! interface Vlan3 shutdown no forward interface Vlan1 nameif dmz security-level 50 no ip address ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! passwd 2KFQnbNIdI.2KYOU encrypted ftp mode passive dns server-group DefaultDNS domain-name DOMAIN.COM same-security-traffic permit inter-interface same-security-traffic permit intra-interface access-list CompanyX_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0 access-list CompanyX_splitTunnelAcl standard permit 192.168.11.0 255.255.255.240 access-list CompanyX_splitTunnelAcl standard permit 64.x.x.x 255.255.255.0 access-list CompanyX_splitTunnelAcl standard permit 192.168.4.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 192.168.11.0
255.255.255.240 access-list inside_nat0_outbound extended permit ip any 192.168.4.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0 pager lines 24 logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 ip local pool RemoteClientPool 192.168.11.1-192.168.11.10 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-523.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 route outside 0.0.0.0 0.0.0.0 64.71.x.x 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout uauth 0:05:00 absolute http server enable http 65.x.x.x 255.255.255.255 outside http 67.x.x.x 255.255.255.255 outside http 192.168.10.0 255.255.255.0 inside http 67.x.x.x 255.255.255.255 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs crypto map outside_map 1 set peer 65.x.x.x crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 client-update enable telnet timeout 5 ssh 65.x.x.x 255.255.255.255 outside ssh 67.x.x.x 255.255.255.255 outside ssh timeout 5 console timeout 0 dhcpd address 192.168.10.101-192.168.10.132 inside dhcpd dns 192.168.10.201 64.x.x.x interface inside dhcpd wins 192.168.10.200 192.168.10.201 interface inside dhcpd lease 86400 interface inside dhcpd ping_timeout 10000 interface inside dhcpd domain DOMAIN.COM interface inside dhcpd enable inside !! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp ! service-policy global_policy global group-policy CompanyX internal group-policy CompanyX attributes wins-server value 192.168.10.200 192.168.10.201 dns-server value 192.168.10.200 192.168.10.201 vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value CompanyX_splitTunnelAcl default-domain value DOMAIN.COM USERNAMES REMOVED vpn-group-policy CompanyX tunnel-group CompanyX type ipsec-ra tunnel-group CompanyX general-attributes address-pool RemoteClientPool default-group-policy CompanyX tunnel-group CompanyX ipsec-attributes pre-shared-key * tunnel-group 65.x.x.x type ipsec-l2l tunnel-group 65.x.x.x ipsec-attributes pre-shared-key * prompt hostname context Cryptochecksum:4cce7fd8f7f56356c9d862d80d64aeac : end