VPN session established but cannot access trusted LAN segment on the ASA

Just a roundup of my Cisco ASA configuration...
1) Configure remote access IPSec VPN
2) Group Policies - vpntesting
3) AES256 SHA DH group 5
4) Configure local user vpntesting
5) Configure dhcp pool - 10.27.165.2 to 10.27.165.128 mask /24
6) open access on outside interface
7) IKE group - vpntesting
A) Did I miss anything?
B) For example, there is a LAN segment - 10.27.40.x/24 on the trusted leg of the Cisco ASA but I can't access it. Do I need to create access lists to allow my VPN session to access the trusted LANs?
C) Any good guide for configuring remote access VPN using ASDM?

I have a couple of issues with my EasyVPN server and Cisco VPN Client on Win7.
1: Sometimes, clients are connected, connection shows established but no traffic or pings can be made to corp network. It might have to do with NAT settings to exempt VPN traffic from being NATed.
2: VPN Clients don't pick the same IP address from local address pool even though I specified "RECYCLE" option.
I would appreciate it if you look at my configuration and advise of any mis-config or anything that needs to be corrected.
Thank you so much.
Configuration:
TQI-WN-RT2911#sh run
Building configuration...
Current configuration : 7420 bytes
! Last configuration change at 14:49:13 UTC Fri Oct 12 2012 by admin
! NVRAM config last updated at 14:49:14 UTC Fri Oct 12 2012 by admin
! NVRAM config last updated at 14:49:14 UTC Fri Oct 12 2012 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname TQI-WN-RT2911
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
aaa session-id common
no ipv6 cef
ip source-route
ip cef
ip dhcp remember
ip domain name telquestintl.com
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-2562258950
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2562258950
revocation-check none
rsakeypair TP-self-signed-2562258950
crypto pki certificate chain TP-self-signed-2562258950
certificate self-signed 01
            quit
license udi pid CISCO2911/K9 sn ##############
redundancy
track 1 ip sla 1 reachability
delay down 10 up 20
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ############## address 173.161.255.### 255.255.255.240
crypto isakmp client configuration group EASY_VPN
key ##############
dns 10.10.0.241 10.0.0.241
domain domain.com
pool EZVPN-POOL
acl VPN+ENVYPTED_TRAFFIC
save-password
max-users 50
max-logins 10
netmask 255.255.255.0
crypto isakmp profile EASY_VPN_IKE_PROFILE1
   match identity group EASY_VPN
   client authentication list default
   isakmp authorization list default
   client configuration address respond
   virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile EASY_VPN_IPSec_PROFILE1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA
set isakmp-profile EASY_VPN_IKE_PROFILE1
crypto map VPN_TUNNEL 10 ipsec-isakmp
description ***TUNNEL-TO-FAIRFIELD***
set peer 173.161.255.241
set transform-set ESP-3DES-SHA
match address 105
interface Loopback1
ip address 10.10.30.1 255.255.255.0
interface Tunnel1
ip address 172.16.0.2 255.255.255.0
ip mtu 1420
tunnel source GigabitEthernet0/0
tunnel destination 173.161.255.241
tunnel path-mtu-discovery
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Optonline  WAN secondary
ip address 108.58.179.### 255.255.255.248 secondary
ip address 108.58.179.### 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map VPN_TUNNEL
interface GigabitEthernet0/1
description T1 WAN Link
ip address 64.7.17.### 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description LAN
ip address 10.10.0.1 255.255.255.0 secondary
ip address 10.10.0.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
tunnel mode ipsec ipv4
tunnel protection ipsec profile EASY_VPN_IPSec_PROFILE1
router eigrp 1
network 10.10.0.0 0.0.0.255
network 10.10.30.0 0.0.0.255
network 172.16.0.0 0.0.0.255
router odr
router bgp 100
bgp log-neighbor-changes
ip local pool EZVPN-POOL 10.10.30.51 10.10.30.199 recycle delay 65535
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map OPTIMUM-ISP interface GigabitEthernet0/0 overload
ip nat inside source route-map T1-ISP interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.10.0.243 25 108.58.179.### 25 extendable
ip nat inside source static tcp 10.10.0.243 80 108.58.179.### 80 extendable
ip nat inside source static tcp 10.10.0.243 443 108.58.179.### 443 extendable
ip nat inside source static tcp 10.10.0.220 3389 108.58.179.### 3389 extendable
ip nat inside source static tcp 10.10.0.17 12000 108.58.179.### 12000 extendable
ip nat inside source static tcp 10.10.0.16 80 108.58.179.### 80 extendable
ip nat inside source static tcp 10.10.0.16 443 108.58.179.### 443 extendable
ip nat inside source static tcp 10.10.0.16 3389 108.58.179.### 3389 extendable
ip route 0.0.0.0 0.0.0.0 108.58.179.### track 1
ip route 0.0.0.0 0.0.0.0 64.7.17.97 ##
ip access-list extended VPN+ENVYPTED_TRAFFIC
permit ip 10.10.0.0 0.0.0.255 any
permit ip 10.0.0.0 0.0.0.255 any
permit ip 10.10.30.0 0.0.0.255 any
ip sla 1
icmp-echo 108.58.179.### source-interface GigabitEthernet0/0
threshold 100
timeout 200
frequency 3
ip sla schedule 1 life forever start-time now
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 2 permit 10.10.0.0 0.0.0.255
access-list 100 permit ip 10.10.0.0 0.0.0.255 any
access-list 105 remark ***GRE-TRAFFIC TO FAIRFIELD***
access-list 105 permit gre host 108.58.179.### host 173.161.255.###
route-map T1-ISP permit 10
match ip address 100
match interface GigabitEthernet0/1
route-map OPTIMUM-ISP permit 10
match ip address 100
match interface GigabitEthernet0/0
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
end
TQI-WN-RT2911#
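
The NAT suspicion raised in item 1 of the post above can be checked against the posted configuration. This is an added example, not part of the original post: it reads the NAT route-maps and access-list 100 and reports which NAT route-maps have an ACL that permits traffic from a LAN host to the EZVPN-POOL addresses. It evaluates the ACL only and ignores the route-maps' "match interface" lines; the EXEMPT variant and the function names are constructed for comparison.

```python
import ipaddress

# NAT-related lines from the configuration posted above (wrapped lines rejoined).
CONFIG = """\
ip local pool EZVPN-POOL 10.10.30.51 10.10.30.199 recycle delay 65535
ip nat inside source route-map OPTIMUM-ISP interface GigabitEthernet0/0 overload
ip nat inside source route-map T1-ISP interface GigabitEthernet0/1 overload
access-list 100 permit ip 10.10.0.0 0.0.0.255 any
route-map T1-ISP permit 10
 match ip address 100
route-map OPTIMUM-ISP permit 10
 match ip address 100
"""
# Constructed variant (not from the post): a deny for the pool subnet placed first.
EXEMPT = CONFIG.replace(
    "access-list 100 permit",
    "access-list 100 deny ip 10.10.0.0 0.0.0.255 10.10.30.0 0.0.0.255\n"
    "access-list 100 permit")

def operand(tok):
    """Consume one ACL operand (any | host A | A wildcard) from a token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # IOS wildcard is the inverted netmask; a non-contiguous one raises ValueError.
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse(config):
    """Return (pool start addresses, ACL entries, route-map ACL ids, NAT route-maps)."""
    pools, acls, rmaps, nat, current = [], {}, {}, [], None
    for t in (line.split() for line in config.splitlines()):
        if t[:3] == ["ip", "local", "pool"]:
            pools.append(ipaddress.ip_address(t[4]))
        elif t[:1] == ["access-list"] and t[2:4] in (["permit", "ip"], ["deny", "ip"]):
            rest = t[4:]
            acls.setdefault(t[1], []).append((t[2], operand(rest), operand(rest)))
        elif t[:1] == ["route-map"]:
            current = t[1]
        elif t[:3] == ["match", "ip", "address"] and current:
            rmaps.setdefault(current, []).extend(t[3:])
        elif t[:5] == ["ip", "nat", "inside", "source", "route-map"]:
            nat.append(t[5])
    return pools, acls, rmaps, nat

def acl_action(entries, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit deny."""
    for action, s, d in entries:
        if src in s and dst in d:
            return action
    return "deny"

def nat_candidates(config, lan_host):
    """Names of NAT route-maps whose ACL permits lan_host -> a VPN pool address."""
    pools, acls, rmaps, nat = parse(config)
    src = ipaddress.ip_address(lan_host)
    return [name for name in nat
            if any(acl_action(acls.get(a, []), src, p) == "permit"
                   for a in rmaps.get(name, []) for p in pools)]

if __name__ == "__main__":
    print("posted config:", nat_candidates(CONFIG, "10.10.0.243"))
    print("with pool deny:", nat_candidates(EXEMPT, "10.10.0.243"))
```

A route-map listed for the posted configuration means only that its ACL does not exclude LAN-to-pool traffic; whether translation actually happens also depends on the interfaces the packet crosses.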

Similar Messages

  • HT1218 After a recent iTunes update attempt iTunes no longer functions and the airport extreme base station is not accessible on our computer.  We still have wifi but cannot access the base station software.

    After a recent iTunes update attempt iTunes no longer functions and the airport extreme base station is not accessible on our computer.  We still have wifi but cannot access the base station software.

    Thanks for the reply. I appreciate the response. I tried that approach this evening and it didn't work for me. (Technically it worked for me, when I was hardwired into my base station, but would not work for me wirelessly, which is my main issue.)
    Again, using the approach you recommended works only if I have my ethernet cable attached to the LAN port so my computer is communicating directly to the base station through the hard wire. I am able to scan for my base station and make setting adjustments normally this way too.
    As soon as I disconnect from the LAN port and try to go wireless is where I run into problems. The Base Station's wireless network I created is available to choose in the top right corner of the monitor with all of the other available wireless devices/networks -- but the network I created does not have access to the internet. I am also unable to configure my Base Station wirelessly. When my Airport Utility tries to scan for the Base Station and Network, it cannot find any Apple Wireless Device. It's like the Wireless Network in my base station is not sending out a signal.
    Is there a way to resolve this issue?

  • Created new workspace, user created OTN account but cannot access workspace

    hi,
    i recently created GFW_SYSTEMS_TEAM beehiveonline workspace.
    i added 4 external users including myself as an external user using my gmail account: [email protected] so i could verify the process from an external user point of view
    i created my OTN account and verified it but cannot access the workspace using this login.
    when i check the users in beehiveonline-apex i see that all users are verified.
    when i check the users in the workspace, 2x external users are missing but my gmail user is there
    when i check the ~BOLADMIN tool i see that my gmail user is missing - only my oracle account is visible; the other 2x external users are also missing...
    my oracle and gmail email addresses are similar : neil.pritchard@~ oracle.com, gmail.com
    i am accessing from my secondary oracle laptop (OBI); not on vpn
    can you tell me if there are any known conflicts with the above setup?
    more info:
    OS: XP SP2; browser IE8
    when accessing teamcollab or workspaces i get 'Internet Explorer cannot display the webpage' during login authentication
    best regards
    Neil
    Edited by: 972236 on 20-Nov-2012 05:49

    Neil,
    we spotted some provisioning scripts that had failed and are re-running them now - hopefully the extra users will be in the group/workspace soon. The 2 emails for you will not be a clash as they are valid and unique.
    Phil

  • HT201412 My i Pad 3 shows "cannot Access Find My Friends open the app and review your sign in information to continue sharing your location. And I have two buttons : Later and Open but they don't work, As long as I have this situation I can do nothing on

    My i Pad 3 shows "cannot Access Find My Friends open the app and review your sign in information to continue sharing your location. And I have two buttons : Later and Open but they don't work. As long as I have this screen situation, I can't do anything on my I Pad. Please help !!

    I have the same problem on my iPhone4. It is obviously a bug in the software. Once it pops out I am locked out of my phone. I can't even begin to describe the frustration this causes. All that stuff about holding down the buttons is useless. the phone won't even shut off. I can take a screen shot like that or go to voice control. Even when I got to a wifi connection, I can't get on. This app blocks everything else. This is a serious bug and can have serious consequences. The only thing my phone would do is go to voice control and let me play iTunes or phone people. Some smart phone hey?
    I have finally got to a place with a wide enough wifi to connect my computer and restore the phone. This has lasted over a day!
    I don't even know why Find My Friends is on my phone. Is it part of the package and how do I turn it off?

  • After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

    After upgrading to Mountain Lion I am not able to access "security and privacy" button under "system preferences". I like to activate "find my mac" but cannot access privacy setting after upgrade. Kindly advice.

  • I have lost my Safari app and all the bookmarks that go with it. I have tried to download my back-up on external drive but cannot access it. Tried a start with C key held down but still no access to the back-up app.

    I have lost my Safari app and all the bookmarks that go with it. I have tried to download my back-up on external drive but cannot access it. Tried a start with C key held down but still no access to the back up app.
    Have used Superduper app. to back up and checked back-up occasionally to see if all files present  and appeared OK.
    I had previously started machine using original CD #1 to try and replace Eudora which was acting up. Did not knowingly touch Safari.
    Running iMAC System 10.4.11
    How can I successfully download from the Maxtor back-up?
    Ivan

    Further info.
    I checked the content of my other back-up and found the bookmark Bookmarks.plist in the library under Safari
    Dumped the existing copy in the computer and drag-dropped the back up. All bookmarks restored.
    Solved the Stickies problem by using Spotlight  to find file "stickiesdatabase" and did a drag- drop to replace file. All data restored.
    Re Ical data loss. Used Spotlight to find iCal document in  Library - Preferences where I found com.apple.iCal.plist in folder.
    Got ready to make change but did not immediately remove file. When I returned to Preferences folder to grab above document,
    the readable descriptors had been changed to code consisting of some upper case letters and/or single symbols!
    So now I cannot tell which is the symbol  iCal.plist
    Thanks for leading me so far, but how do I find that plist for my calendar?

  • My hard disk crashed and I cannot find out how to "contact customer service" other than this forum.  The website seems to just take me in a circle. I need to de-activate a license but cannot access the software due to a crashed hard drive.  Please help.

    My hard disk crashed and I cannot find out how to "contact customer service" other than this forum.  The website seems to just take me in a circle. I need to de-activate a license but cannot access the software due to a crashed hard drive.  Please help.

    Hi Anthony ,
    Here is the link to connect with Adobe Chat Support.
    https://helpx.adobe.com/adobe-connect/kb/connect-chat-support.html
    Hope your query gets resolved .
    Regards
    Sukrit Dhingra

  • I have new Adobe premier Elements13 and Photoshop elements 12, but Cannot access website to generate code and register

    I have new Adobe premier Elements13 and Photoshop elements 12, (Download from Amazon) but Cannot access website to generate code and register. Please help if you can.
    I do not know how to find my PC specific code, nor can I simply use another PC if the programs are then only for use on that (not my main) PC!. I have entered the correct serial/codes which came in the download files but simply cannot go further as each time I try it fails to connect with the website?
    Vince

    Please post Photoshop Elements related queries over at
    http://forums.adobe.com/community/photoshop_elements

  • I have just upgraded to the new OS X V. 10.10.3 but cannot access my iCloud Drive documents using the resident Pages and Numbers software on my MacBook Pro. Help needed.

    I have just upgraded to the new OS X V. 10.10.3 but cannot access my iCloud Drive documents using the resident Pages and Numbers software on my MacBook Pro. Help is needed to access those documents using the resident software on my MacBook Pro rather than the Beta software on iCloud.com.

    I have iCloud Drive set on the Finder sidebar and use that to open the Numbers Spreadsheet on iCloud.
    OSX 10.10.3
    Best.

  • ITunes has stopped working.  Can play songs, but cannot access store.  What do I do?

    iTunes has stopped working.  Can play songs, but cannot access store.  What do I do?

    Hello there, Ellen317.
    The following Knowledge Base article provides some great in-depth steps for troubleshooting your issue. Start with the section titled Troubleshoot issues in Windows:
    Can't connect to the iTunes Store
    http://support.apple.com/kb/ts1368
    Thanks for reaching out to Apple Support Communities.
    Cheers,
    Pedro

  • Installed Netweaver 2004s SP7 but cannot access any tools

    I have successfully Installed Netweaver 2004s SP7 Java version but cannot access any of the tool sets. When I try the URL's localhost:50100/irj or localhost:50100/caf it takes me to the initial screen. When I click on any of the tabs (example: Guided Procedures followed by Design time) everything is blank. If I type the URL localhost:50100/webdynpro/dispatcher/sap.com/cafeugpuidt/AppWorkset it takes me to the design time but when I click on anything to create actions or processes, I get the error message "The Web Dynpro 'AppWorkset' Application has expired. Restart the application with refresh button or the following link AppWorkset"
    My goal is to play with Guided Procedures. Is EP the only way to access design time and runtime or are there other ways?

    Yeah well that sounds like DNS problems so I suggest you change your DNS settings to use Google DNS servers at 8.8.8.8 and 8.8.4.4
    If you found this post helpful, please click on the star on the left
    If not, I'll try again

  • HT1657 Help. Movie downloaded on ipad2 but cannot access. No icon. No nothing. Had okayed 2 movie downloads-could that be a problem. Can not access either. A few months ago had seen a movie with no problem.

    Help. Movie downloaded on ipad2 but cannot access. No icon. No nothing. Had okayed 2 movie downloads-could that be a problem? Can not access either. A few months ago had seen a movie with no problem?

    My problem to as to how to access downloaded movies not solved.

  • Got help fixing my youtube problem, now that is working.  In the process of making the fix, lost my aol set up. Re installed it, but cannot access the icon. How do i get my AOL back?

    Got help fixing my youtube problem, now that is working.  In the process of making the fix, lost my aol set up. Re installed it, but cannot access the icon. How do i get my AOL back?

    If it's an application, it should be in the Applications folder. If in doubt, double click on the hard drive icon to open it up, then press Command+F (find) and in the window that comes up for what you want to find, type in AOL and it should appear. You can either drag it to the Dock for easy access or make an alias of that, and drag that alias to the Dock. Oh, and just so's you know, this forum is for Desktop macs only. We may be able to answer your question about a MacBook Pro. Same kind of animal, but different breeds.
    good luck
    John b

  • I bought Adobe Creative Suite 3 Master collection but cannot access it.

    I bought Adobe Creative Suite 3 Master collection but cannot access it.

    what's the problem?
    Downloadable installation files available:
    Suites and Programs:  CC 2014 | CC | CS6 | CS5.5 | CS5 | CS4, CS4 Web Standard | CS3
    Acrobat:  XI, X | 9,8 | 9 standard
    Premiere Elements:  13 |12 | 11, 10 | 9, 8, 7
    Photoshop Elements:  13 |12 | 11, 10 | 9,8,7
    Lightroom:  5.7.1| 5 | 4 | 3
    Captivate:  8 | 7 | 6 | 5
    Contribute:  CS5 | CS4, CS3
    Download and installation help for Adobe links
    Download and installation help for Prodesigntools links are listed on most linked pages.  They are critical; especially steps 1, 2 and 3.  If you click a link that does not have those steps listed, open a second window using the Lightroom 3 link to see those 'Important Instructions'.

  • HT5527 I am using an older browser and OS because I cannot upgrade right now. I can access my email but cannot seem to put anything into the TRASH and if I do get some things to go in, I cannot empty. I would love to get compliant with my 5gb of free stor

    I am using an older browser and OS because I cannot upgrade right now. I can access my email but cannot seem to put anything into the TRASH and if I do get some things to go in, I cannot empty. I would love to get compliant with my 5gb of free storage!

        We are sorry to have lost you as a valued customer ndl9! I'm sorry to hear of the difficulties you are having with trying to pay your final bill. Our best recommendation is the pay my bill link, which should allow you access based on your former phone number or account number. Did you try both? As an additional option, you can reach our automated system from an alternate line by dialing 800-922-0204 and then entering your former wireless number. http://vz.to/1fdEQVi
    JonathanK_VZW
    VZW Support
    Follow Us on Twitter@VZWSupport
