VPN, UC560 and a DSL domestic router.

Hi
I'd like to know whether it is possible to configure a VPN in a UC560 connected to a DSL domestic router.
I'd like to connect to the router through VPN.
Is that possible with the default UC560 licenses?
Do I have to do something in the domestic DSL router?
Thank you
Regards

Hi Waldo,
By default the UC-500 supports IPSEC-VPN and SSL VPN connectivity without the need of a license upgrade, however in order for this to work right, you may need to consider doing the following:
* Put your current DSL modem in bridge mode and have the UC-500 authenticate the connection and do all the routing
* Make sure you have a static IP address, as the VPN will not work on a dynamic IP address (well, it can, but it is very, very difficult).
* Make sure you set it up using CCA, that way you can ensure the firewall is configured right and you can properly throttle bandwidth if you need to
Other than that you should be good to go :-)
Cheers,
David Trad.

Similar Messages

  • Macbook Pro & Talk Talk DSL-3680 router

    Hi, I have unlimited broadband and a DSL-3680 router. As a rule everything works very well, I have an iPhone, iPad, apple tv, LG TV and a Macbook Pro, everything works well apart from the wifi connection to the macbook pro, it works for about 5 minutes and then drops for 5 minutes before coming back every 5 minutes, it's just the internet connection. I can still stream from my macbook to my apple tv in the time it's dropped out, whilst it's down all my other wifi devices work fine so I'm pretty sure it's something to do with the macbook pro and this router. It works fine on other people's wifi. Any suggestions would be very much appreciated.

    Please test after taking each of the following steps that you haven't already tried. Stop when the problem is resolved. Back up all data before making any changes.
    Step 1
    Take the applicable steps in this support article. The Wireless Diagnostics program generates a large file of information about your system, which would be used by Apple Engineering in case of a support incident. Don't post the contents here.
    Step 2
    Disconnect all USB 3 devices. If you don't know which are USB 3, disconnect all USB devices except keyboard and mouse.
    Step 3
    If you're not using a wireless keyboard or trackpad, disable Bluetooth by selecting Turn Bluetooth Off from the menu with the Bluetooth icon. If you don't have that menu, open the Bluetooth preference pane in System Preferences and check the box marked Show Bluetooth in menu bar. Test. If you find that Wi-Fi works better with Bluetooth disabled, you should use the 5 GHz Wi-Fi band. Your router may not support it; in that case, you need a new router.
    Step 4
    Open the Network pane in System Preferences and make a note of your settings in the Wi-Fi service. It may be helpful to take screenshots of the various tabs in the preference pane. If the preference pane is locked, unlock it by clicking the padlock icon and entering your administrator password. Delete Wi-Fi from the service list on the left by selecting it and clicking the minus-sign button at the bottom. Then recreate the service by clicking the plus-sign button and following the prompts.
    Step 5
    Reset the System Management Controller.
    Step 6
    Make a "Genius" appointment at an Apple Store, or go to another authorized service center.

  • Have lost ability to connect Cisco VPN - Westell 6100G modem and Netgear WNR1000 v2 router

    I have lost the ability to connect my work laptop VPN through my Verizon DSL connection.  It works at the library, at hotels, and over my BB tether.  Corporate IT thinks it is either the router or the modem.  There are also some websites that will not load, such as tetongravity.com.  The websites seem to be a problem over a wired connection as well as wireless, and I have only tried attaching the VPN while on a wireless connection.
    Any advice on how to straighten this out?  I have rebooted both a couple of times and updated the firmware on the router to no avail.  Also, do you know what the default user name and password are on the modem?
    Any help would be appreciated.
    John

    PS - it worked last week, and stopped working over the weekend.

  • How to configure full tunnel with VPN client and router?

    I know the concept of split tunnel... Is it possible to configure VPN client and router full tunnel, or an ASA instead of the router? I know there are filter options in concentrators; are there options in ISR routers or ASA?

    I think it is possible. Following links may help you
    http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml

  • VPN between ASA5505 Easy VPN Server and 881G Router as Easy VPN Client

    Hello,
    I have problem in VPN between ASA5505 Easy VPN Server and 881G Router as Easy VPN Client. ASA 5505 have 7.2.3 software and 881G router have 15.1 software.
    881G is configured as hardware client in network extension mode, and it is placed behind NAT. ASA5505 is working as server. Same VPN Group works correctly from VPN software clients.
    When I send traffic from 881G client side, in show crypto session detail I see encrypted packets. But with the same command I don't see decrypted packets on the ASA5505 side. On both devices Phase 1 and Phase 2 are UP.
    VPN works correctly when I replace the ASA5505 with an ASA5510 which has 8.4.6 software. But the problem is that I need to do this VPN between ASA5505 and 881G.
    Can you help me, how can I debug or troubleshoot this problem ?
    I am unable to update software on ASA5505 side.

    Hello,
    Here is what my config looks like:
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 60 set pfs
    crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 80 set pfs
    crypto dynamic-map outside_dyn_map 80 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 100 set pfs
    crypto dynamic-map outside_dyn_map 100 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 120 set pfs
    crypto dynamic-map outside_dyn_map 120 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 140 set pfs
    crypto dynamic-map outside_dyn_map 140 set transform-set ESP-AES-128-SHA
    crypto dynamic-map outside_dyn_map 160 set pfs
    crypto dynamic-map outside_dyn_map 160 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 180 set pfs
    crypto dynamic-map outside_dyn_map 180 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 200 set pfs
    crypto dynamic-map outside_dyn_map 200 set transform-set ESP-AES-256-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 2
     authentication pre-share
     encryption 3des
     hash sha
     group 1
     lifetime 86400
    crypto isakmp policy 3
     authentication pre-share
     encryption des
     hash sha
     group 2
     lifetime 86400
    tunnel-group HW-CLIENT-GROUPR type ipsec-ra
    tunnel-group HW-CLIENT-GROUP general-attributes
     address-pool HW-CLIENT-GROUP-POOL
     default-group-policy HW-CLIENT-GROUP
    tunnel-group HW-CLIENT-GROUP ipsec-attributes
     pre-shared-key *******
    group-policy HW-CLIENT-GROUP internal
    group-policy HW-CLIENT-GROUP attributes
     password-storage enable
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value cisco_splitTunnelAcl
     nem enable

  • Problem with WRT54G and DSL NAT router

    I have a WRT54G connected to a Westell DSL NAT router. I would like to be able to allow incoming connections to my FreeBSD server.
    The Westell router allows me to set IP Passthrough (they call it "Single Static IP"). This gives the WRT54G the outside IP address given to the DSL router. I can then set up the WRT54G for DDNS and port forwarding to forward specific ports I want to my server.
    This works, for about 2-3 days. Then, I start to randomly lose outside connectivity. Web pages start coming up with missing elements, or taking a long time to load. This will eventually lead to total loss of outgoing communication.
    Normally, I would blame this on the Westell NAT router, but as I'm losing connectivity to the internet, I'm also losing connectivity to the WRT54G. It will try to load configuration pages but will be slow with missing elements, etc.
    All communications between computers on my inside network continue to function properly, it's just connectivity to the WRT54G and the internet that seem to start to fail.
    Does anyone have any idea what is going on? I just upgraded the firmware on the WRT54G from 1.01.1 to 1.02.0, but I don't imagine this will help.
    Thanks,
    David Chamberlain

    Try setting the MTU to manual and change the value to 1450
    "Only those who risk going too far can possibly find out how far one can go..."

  • HT1695 I am at home and have  a wireless router on my DSL line.  I have been using the iPad for about a month without difficulty and tonight it will not connect.  I do not understand why and yes, I am electronically challenged so be gentle!

    I recently purchased an iPad after using a laptop and PC for years.  I use a wireless router connected to a DSL line at home and have been using the iPad without difficulty for about a month and tonight it will not connect to the Internet.  There is not a problem with the DSL or router.  I am using the laptop now.  Could someone please give this electronically challenged individual assistance?

    1. Turn router off for 30 seconds and on again
    2. Settings>General>Reset>Reset Network Settings

  • WiFi Problems w/ OS X 10.4.11 and Speedport W 502V DSL Modem/Router

    We just moved to Germany again, so went to Deutsche Telekom (DT) for Internet/phone access. They sold us a Speedport W 502V DSL Modem/Router with manuals--all in German, as DT does (DT offers NO support in English; some would argue they offer no customer support at all).
    Babelfish and I managed to configure a late-model eMac, G4 PowerBook and two iPhones with the DSL router, with pretty good success (sometimes we have intermittent Internet connectivity). Then our household goods were delivered and we unpacked and set up the G4 dual-GHz tower. So...the G4's Airport (not Airport Extreme) "sees" the WLAN and the https://speedport.ip site "sees" the IP address of the G4, but the G4 can't join the network, no matter what I try. It's to the point that I think it's something painfully obvious that I'm missing and I must be too far in the weeds...so now I need fresh eyes on the problem.
    I have no computer connected to the Speedport, and wouldn't have thought that was the problem because the other non-physically-connected computers are using the WLAN network. Thanks for any help!

    hi kathryn
    did it have to be the Telekom, by all means??
    anyway, first of all a link to a video where a german comedian writes a letter to steve jobs demanding he choose any carrier but the DTAG for the iPhone distribution in germany - really funny!
    http://bit.ly/4B4OdQ
    OK, I'm currently downloading the speedport manual from their website and will look through it, in order to see if there's something in there..
    as a first guess I'd try looking at the wireless prefs of that speedport box. I guess it supports by default 802.11a/b/g, whereas the G4 only does 802.11b (the "normal" airport). Try selecting only the 802.11b portion from the speedport (that makes networking somewhat slower for airport express computers, but shouldn't be a problem since it's still at least as fast as basic DSL service (11MBit vs 2 or 6 MBit))
    cheers
    Matt
    (german in spain)

  • Site-Site VPN PIX501 and CISCO Router

    Hello Experts,
    I have a test lab at home, where I configured a site-to-site VPN using a Cisco PIX501 and a CISCO2691 router. For the configurations I just used some links on the internet because my background in VPN configuration is not too good. For the router's configuration I followed this link:
    www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/867-cisco-router-site-to-site-ipsec-vpn.html
    and for the PIX configuration I just used the VPN wizard of the PIX. Done all the configurations but ping is unsuccessful. Hope you can help me with this, don't know what needs to be done here (Troubleshooting).
    Attached here is my router's configuration, topology as well as the pix configuration. Hope you can help me w/ this. Thanks in advance.

    YES! IT FINALLY WORKS NOW! Here's the updated running-config
    : Saved
    PIX Version 7.2(2)
    hostname PIX
    domain-name aida.com
    enable password 2KFQnbNIdI.2KYOU encrypted
    names
    name 172.21.1.0 network2 description n2
    interface Ethernet0
    speed 100
    duplex full
    nameif OUTSIDE
    security-level 0
    ip address 1.1.1.1 255.255.255.252
    interface Ethernet1
    nameif INSIDE
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface Ethernet2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet4
    shutdown
    no nameif
    no security-level
    no ip address
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name aida.com
    access-list TO_ENCRYPT_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
    access-list nonat extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
    pager lines 24
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image flash:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (OUTSIDE) 1 interface
    nat (INSIDE) 0 access-list nonat
    nat (INSIDE) 1 192.168.1.0 255.255.255.0
    route OUTSIDE 0.0.0.0 0.0.0.0 1.1.1.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    username mark password MwHKvxGV7kdXuSQG encrypted
    http server enable
    http 192.168.1.3 255.255.255.255 INSIDE
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto map MYMAP 10 match address TO_ENCRYPT_TRAFFIC
    crypto map MYMAP 10 set peer 2.2.2.2
    crypto map MYMAP 10 set transform-set MYSET
    crypto map MYMAP interface OUTSIDE
    crypto isakmp enable OUTSIDE
    crypto isakmp policy 1
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    tunnel-group 2.2.2.2 type ipsec-l2l
    tunnel-group 2.2.2.2 ipsec-attributes
    pre-shared-key *
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    prompt hostname context
    Cryptochecksum:8491323562e3f1a86ccd4334cd1d37f6
    : end
    ROUTER:
    R9#sh run
    Building configuration...
    Current configuration : 3313 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname R9
    boot-start-marker
    boot-end-marker
    aaa new-model
    aaa authentication login default local
    aaa authorization config-commands
    aaa authorization exec default local
    aaa session-id common
    resource policy
    memory-size iomem 5
    ip cef
    no ip domain lookup
    ip domain name aida.com
    ip ssh version 2
    crypto pki trustpoint TP-self-signed-998521732
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-998521732
    revocation-check none
    rsakeypair TP-self-signed-998521732
    crypto pki certificate chain TP-self-signed-998521732
    A75B9F04 E17B5692 35947CAC 0783AD36 A3894A64 FB6CE1AB 1E3069D3
      A818A71C 00D968FE 3AA7463D BA3B4DE8 035033D5 0CA458F3 635005C3 FB543661
      9EE305FF 63
      quit
    username mark privilege 15 secret 5 $1$BTWy$PNE9BFeWm1SiRa/PiO9Ak/
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key cisco address 1.1.1.1 255.255.255.252
    crypto ipsec transform-set MYSET esp-3des esp-sha-hmac
    crypto map MYMAP 10 ipsec-isakmp
    set peer 1.1.1.1
    set transform-set MYSET
    match address TO_ENCRYPT_TRAFFIC
    interface FastEthernet0/0
    ip address 2.2.2.2 255.255.255.252
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map MYMAP
    interface FastEthernet0/1
    ip address 172.21.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    ip route 0.0.0.0 0.0.0.0 2.2.2.1
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list NAT_IP interface FastEthernet0/0 overload
    ip access-list extended NAT_IP
    deny   ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    permit ip 172.21.1.0 0.0.0.255 any
    ip access-list extended TO_ENCRYPT_TRAFFIC
    permit ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
    control-plane
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    transport input ssh
    end
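A consistency check over the two configs above, as an added example that is not part of the original post: it verifies that the PIX and router crypto ACLs mirror each other and that each side keeps that traffic out of NAT. The ACL lines are copied from the posted configs (whitespace normalised); the function names are this example's own.

```python
import ipaddress

# ACL-related lines copied from the two running-configs posted above.
PIX_CFG = """\
name 172.21.1.0 network2 description n2
access-list TO_ENCRYPT_TRAFFIC extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
access-list nonat extended permit ip 192.168.1.0 255.255.255.0 network2 255.255.255.0
"""
ROUTER_CFG = """\
ip access-list extended NAT_IP
 deny ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 172.21.1.0 0.0.0.255 any
ip access-list extended TO_ENCRYPT_TRAFFIC
 permit ip 172.21.1.0 0.0.0.255 192.168.1.0 0.0.0.255
"""


def take_endpoint(tokens, names, wildcard):
    """Pop one address spec (any | host A | A MASK) and return it as a network."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        addr = tokens.pop(0)
        return ipaddress.ip_network(names.get(addr, addr) + "/32")
    mask = tokens.pop(0)
    if wildcard:  # IOS wildcard mask: invert the bits to get a netmask
        inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
        mask = str(ipaddress.IPv4Address(inverted))
    return ipaddress.ip_network(f"{names.get(first, first)}/{mask}")


def parse_acls(config, wildcard=False):
    """Return {acl: [(action, src, dst)]} from PIX one-line or IOS named ACLs."""
    names, acls, current = {}, {}, None
    for raw in config.splitlines():
        t = raw.split()
        if not t:
            continue
        if t[0] == "name" and len(t) >= 3:  # PIX alias: name <ip> <alias>
            names[t[2]] = t[1]
            continue
        if t[:3] == ["ip", "access-list", "extended"]:  # IOS block header
            current = t[3]
            continue
        if t[0] == "access-list" and len(t) > 3 and t[2] == "extended":
            acl, rule = t[1], t[3:]
        elif t[0] in ("permit", "deny") and current:
            acl, rule = current, t
        else:
            current = None  # any other line ends an IOS named-ACL block
            continue
        tokens = rule[2:]  # skip action and protocol; ports are not handled
        src = take_endpoint(tokens, names, wildcard)
        dst = take_endpoint(tokens, names, wildcard)
        acls.setdefault(acl, []).append((rule[0], src, dst))
    return acls


def first_match(entries, src, dst):
    """Action of the first entry containing the whole src -> dst flow, or None."""
    for action, s, d in entries:
        if src.subnet_of(s) and dst.subnet_of(d):
            return action
    return None


def audit(pix_cfg, router_cfg, crypto_acl="TO_ENCRYPT_TRAFFIC",
          pix_nonat="nonat", router_nat="NAT_IP"):
    """Return a list of findings; an empty list means the two sides agree."""
    pix = parse_acls(pix_cfg)
    ios = parse_acls(router_cfg, wildcard=True)
    findings = []
    pix_flows = {(s, d) for a, s, d in pix.get(crypto_acl, []) if a == "permit"}
    ios_flows = {(s, d) for a, s, d in ios.get(crypto_acl, []) if a == "permit"}
    if pix_flows != {(d, s) for s, d in ios_flows}:
        findings.append("crypto ACLs are not mirror images")
    for s, d in sorted(pix_flows):
        if first_match(pix.get(pix_nonat, []), s, d) != "permit":
            findings.append(f"PIX: {s} -> {d} is not exempt from NAT")
    for s, d in sorted(ios_flows):
        if first_match(ios.get(router_nat, []), s, d) == "permit":
            findings.append(f"router: {s} -> {d} is NATed instead of encrypted")
    return findings


if __name__ == "__main__":
    print(audit(PIX_CFG, ROUTER_CFG) or "crypto ACLs and NAT exemptions agree")
```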

  • My router does vpn passthrough and is set up correctly. Does it also have to host the vpn?

    my router does vpn passthrough and is set up correctly. Does it also have to host the vpn?
    Thanks
    Greg

    Not sure I understand your question or problem, but I'll give it a shot.
    No, you do not have to host the VPN server on your router.  That wouldn't do you any good for working around the limitations of the VZW network anyways since you are still on the same VZW network.  When you setup a VPN you normally want it to be on someone else's network so you can enable things like port forwarding and remote access.
    The VPN Passthrough feature only allows your VPN clients to access VPN servers, it's not the same thing as hosting.  If you want your router to auto connect to a VPN server (which is more common) that is something different.  VPN clients connect to VPN servers.  VPN clients are normally installed on your personal devices or your router.  VPN servers are geographically located somewhere else and on someone else's network.

  • I have AirPort Express 802.11n and ATT DSL Pro. The speed at the ATT modem is 4 Mbps however the speed at my computer, ipad, and ipod touch is only 1.7 Mbps. The ATT tech came out and said the slowdown is being caused by the AirPort router. Help!

    I need help with the speed of AirPort Express and ATT DSL.

    I just discovered this, and it seems to have solved issues with my Time Capsule.
    Open AirPort Utility; select your AirPort Express and choose manual setup.
    Click >Wireless
    Change Radio Mode to 802.11a/n - 802.11b/g
    Click >Wireless Network Options
    Change Transmit Power to 50%
    Check >Use interference robustness < This step is purely optional. It's worth a shot.
    I've been noticing issues with performance of my Time Capsule for a while.
    It really started with lack of good range, followed by lousy performance with my iPhone 4 and iPad 2. I was lucky to get 10% of what my speed really is (1.5 Mbps vs. 15.9 Mbps). My iMac was the only thing that seemed unaffected.
    I attempted to setup a Sony Media Player (stay away from them- junk!) then a Roku XD in my bedroom only 20' down the hall from the Time Capsule (direct line of sight). Signal kept dropping and performance was lousy for both. I want another new Apple TV for the bedroom, but that TV doesn't have an HDMI port. I ended up running an ethernet cable down the hall... until this morning.
    After some digging, I found a forum talking about WiFi performance for iPhones and stumbled upon something kinda basically unrelated, but gave me the idea to dig into AirPort Utility a bit deeper. Changing power to 50% didn't sound logical, but lowering output power was mentioned in the forum. AirPort Utility goes from 100% to 50% then lower. Nothing between 50% and 100%. I'll know more about range later today, but I have a feeling it may be mysteriously improved as well.
    Hope it works out for you!

  • Cisco ASA 8.3(1) with VPN Client and IP Communicator - one way communication

    Hi Community.
    I have a strange problem with my setup and I'm pretty sure it's either some type of routing (or NAT) or just a missing rule allowing the traffic. But I'm now at a point where I'd like to request your help.
    I have some remote access users who have the Cisco IP Communicator (CIPC) installed on their notebooks. So:
    VPN user with CIPC <> ASA Firewall <> Voice Router <> CCM <> IP Phone
    The VPN works fine for any other traffic. Also the basic connection for the IP Communicator works fine. It gets connected to the CallManager, is shown as registered and you can even call an internal phone and also external phones. BUT: while you can hear the called party (so the internal phone) it doesn't work the other way. There is no sound coming from the remote/caller.
    I already figured out that it's also not possible to ping from the VPN phone to the internal IP Phone subnet. While the VPN user can ping any other device in the internal network, he can't do it to the Cisco IP Phones. But if the VPN phone calls a non-internal phone (mobiles...) - it works!
    My thought is that the call can't be built up correctly between the VPN phone and the internal phone.
    I found similar situations with Google but they are all for the other way around: call to internal works, but not to VPN.
    What do you think?

    Hi,
    Typically ASA lists specific networks to the VPN Client when Split Tunnel is used.
    This would mean that there is a Split Tunnel ACL used in the ASA configurations for this VPN connection which needs to have the missing network added for the traffic to be tunneled to the VPN connection.
    - Jouni
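The check Jouni describes, as an added example that is not part of the original thread: it reads an ASA-style split-tunnel policy with its standard ACL and reports which destinations a client would send through the tunnel and which networks are missing from the list. The config, the group-policy and ACL names, and the addresses are constructed sample values.

```python
import ipaddress
import re

# Constructed sample (not from the thread): the split-tunnel ACL lists the data
# LAN and one server, but not the IP phone subnet 10.10.30.0/24.
SAMPLE_CONFIG = """\
access-list SPLIT_ACL standard permit 10.10.1.0 255.255.255.0
access-list SPLIT_ACL standard permit host 10.10.5.20
access-list OTHER_ACL standard permit 10.10.30.0 255.255.255.0
group-policy RA_USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
"""

PERMIT_RE = re.compile(r"^access-list\s+(\S+)\s+standard\s+permit\s+(.+)$")


def parse_standard_acls(config):
    """Return {acl_name: [IPv4Network, ...]} for 'standard permit' entries."""
    acls = {}
    for line in config.splitlines():
        m = PERMIT_RE.match(line.strip())
        if not m:
            continue
        name, spec = m.group(1), m.group(2).split()
        if spec[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif spec[0] == "host":
            net = ipaddress.ip_network(spec[1] + "/32")
        else:
            net = ipaddress.ip_network(f"{spec[0]}/{spec[1]}")
        acls.setdefault(name, []).append(net)
    return acls


def split_tunnel_settings(config, group_policy):
    """Return (policy, acl_name) set under 'group-policy <name> attributes'."""
    policy, acl_name, inside = "tunnelall", None, False  # tunnelall is the default
    for line in config.splitlines():
        if not line.startswith(" "):
            # A top-level line opens or closes the attributes block we want.
            inside = line.split() == ["group-policy", group_policy, "attributes"]
            continue
        words = line.split()
        if inside and words[:1] == ["split-tunnel-policy"]:
            policy = words[1]
        elif inside and words[:2] == ["split-tunnel-network-list", "value"]:
            acl_name = words[2]
    return policy, acl_name


def is_tunneled(config, group_policy, dest):
    """True if the client sends traffic for `dest` through the VPN tunnel."""
    policy, acl_name = split_tunnel_settings(config, group_policy)
    nets = parse_standard_acls(config).get(acl_name, [])
    listed = any(ipaddress.ip_address(dest) in n for n in nets)
    if policy == "tunnelspecified":
        return listed
    if policy == "excludespecified":
        return not listed
    return True  # tunnelall: everything goes through the tunnel


def missing_networks(config, group_policy, required):
    """Networks from `required` that a tunnelspecified policy does not cover."""
    policy, acl_name = split_tunnel_settings(config, group_policy)
    if policy != "tunnelspecified":
        return []
    listed = parse_standard_acls(config).get(acl_name, [])
    wanted = [ipaddress.ip_network(r) for r in required]
    return [w for w in wanted if not any(w.subnet_of(n) for n in listed)]


if __name__ == "__main__":
    for dest in ("10.10.1.50", "10.10.30.15"):
        state = "tunneled" if is_tunneled(SAMPLE_CONFIG, "RA_USERS", dest) else "not tunneled"
        print(dest, state)
    print("add to split-tunnel ACL:",
          missing_networks(SAMPLE_CONFIG, "RA_USERS", ["10.10.1.0/24", "10.10.30.0/24"]))
```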

  • Mavericks VPN dropouts with native VPN client and Cisco IPSec

    Since the update to Mavericks I am experiencing VPN dropouts with the native VPN client and Cisco IPSec.
    I am connecting via a WiFi router to a remote VPN server.
    The connection is good for a while but eventually it drops out.
    I had zero issues in Mountain Lion and only have issues since the update to 10.9.
    I had similar issues in the past with an unreliable WiFi router, but I am using a Verizon FiOS router and it has worked impeccably until Mavericks.
    My thoughts are:
    1 - Issue with Mavericks (maybe the app sleep function affecting either VPN or WiFi daemons)
    2 - Issue with Cisco router compatibility or timing with Cisco IPSec
    3 - Issue with WiFi itself on Mavericks - some sort of WiFi software bug
    Any suggestions?


  • Cisco ASA 5505, Cisco VPN Client and Novell Netware

    Hi,
    Our ISP have installed Cisco ASA 5505 firewall. We are trying to connect to our Novell 5.1 server using VPN client.
    I installed the VPN client on a laptop that is using a wireless connection. I connect using the wireless signal from a nearby hotel and I am able to connect to my firewall using the VPN client and am also able to log in using the Novell client for XP.
    When I use the same VPN client and Novell client at home, which is not using a wireless connection but a DSL connection, I am not able to log in or find the tree.
    The only difference between the two machines is that the laptop is using a wireless connection and my home machine is using a wired connection over DSL.

    If your remote end of the services in question support IPsec IKEv1 as the VPN type then, yes - the 5505 can be a client for that service. At that point it looks like a regular LAN-LAN VPN which is documented in many Cisco and 3rd party how-to documents.

  • Problem with VPN Client and PIX 7.0(5)

    Hi, I have a problem configuring my PIX 525 7.0(5) as a remote VPN server. I already configured the PIX
    following these instructions (http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008060f25c.shtml)
    and I can establish a VPN using Cisco VPN Client, but I can't reach any resource from my inside network or any network defined in the PIX.
    I think that could be a missing nat or an acl; but i have do a lot of research but i can figure out the solution.
    This is the configuration i apply
    access-list cryptomap-scada extended permit ip any 172.10.0.0 255.255.255.0
    access-list acl-vpn-sap-remoto extended permit ip any 172.16.42.64 255.255.255.224
    access-list acl-vpn-sap-remoto extended permit icmp any 172.16.42.64 255.255.255.224
    access-list acl-vpn-sap-remoto extended permit ip any any
    access-list acl-vpn-sap-remoto extended permit icmp any any
    ip local pool pool_vpn_sap 172.*.*.1-172.10.0.254 mask 255.255.255.0
    nat (inside) 0 access-list cryptomap-scada
    group-policy VPN_SAP_PED internal
    group-policy VPN_SAP_PED attributes
    vpn-filter value acl-vpn-sap-remoto
    vpn-tunnel-protocol IPSec
    username vpnuser password **** encrypted
    username vpnuser attributes
    vpn-group-policy VPN_SAP_PED
    crypto ipsec transform-set vpn-cliente-remoto esp-3des esp-md5-hmac
    crypto dynamic-map vpn-remoto-dymap 7 set transform-set vpn-cliente-remoto
    crypto dynamic-map vpn-remoto-dymap 7 set reverse-route
    crypto map siemens-scada-map 7 ipsec-isakmp dynamic vpn-remoto-dymap
    isakmp policy 7 authentication pre-share
    isakmp policy 7 encryption 3des
    isakmp policy 7 hash sha
    isakmp policy 7 group 2
    isakmp policy 7 lifetime 43200
    tunnel-group VPN_SAP_PED type ipsec-ra
    tunnel-group VPN_SAP_PED general-attributes
    address-pool pool_vpn_sap
    default-group-policy VPN_SAP_PED
    tunnel-group VPN_SAP_PED ipsec-attributes
    pre-shared-key clavevpnsap
    Thanks in advance

    Hi, thanks for your response. If I remove the ACL from the VPN filter, I get the same problem (I can't reach any host). This is the output from the command that you asked for.
    PIX-Principal(config)# show running-config nat
    nat (inside) 0 access-list cryptomap-scada
    nat (inside) 9 JOsorioPC 255.255.255.255
    nat (inside) 9 GColinaPC 255.255.255.255
    nat (inside) 9 AlfonsoPC 255.255.255.255
    nat (inside) 9 AngelPC 255.255.255.255
    nat (inside) 9 JerryPC 255.255.255.255
    nat (inside) 9 EstebanPC 255.255.255.255
    nat (inside) 9 GiancarloPC 255.255.255.255
    nat (inside) 9 WilliamsPC 255.255.255.255
    nat (inside) 9 PerniaPC 255.255.255.255
    nat (inside) 9 ElvisDomPC 255.255.255.255
    nat (inside) 8 LBermudezPC 255.255.255.255
    nat (inside) 9 HelpDeskPC 255.255.255.255
    nat (inside) 9 OscarOPC 255.255.255.255
    nat (inside) 9 AnaPC 255.255.255.255
    nat (inside) 9 RobertoPC 255.255.255.255
    nat (inside) 9 MarthaPC 255.255.255.255
    nat (inside) 9 NOCPc5-I 255.255.255.255
    nat (inside) 9 NOCPc6-I 255.255.255.255
    nat (inside) 9 CiraPC 255.255.255.255
    nat (inside) 9 JaimePC 255.255.255.255
    nat (inside) 9 EugemarPC 255.255.255.255
    nat (inside) 9 JosePC 255.255.255.255
    nat (inside) 9 RixioPC 255.255.255.255
    nat (inside) 9 DaniellePC 255.255.255.255
    nat (inside) 9 NorimarPC 255.255.255.255
    nat (inside) 9 NNavaPC 255.255.255.255
    nat (inside) 8 ManriquePC 255.255.255.255
    nat (inside) 8 MarcialPC 255.255.255.255
    nat (inside) 8 JAlbornozPC 255.255.255.255
    nat (inside) 9 GUrdanetaPC 255.255.255.255
    nat (inside) 9 RVegaPC 255.255.255.255
    nat (inside) 9 LLabarcaPC 255.255.255.255
    nat (inside) 9 Torondoy-I 255.255.255.255
    nat (inside) 9 Escuque-I 255.255.255.255
    nat (inside) 9 Turbio-I 255.255.255.255
    nat (inside) 9 JoseMora 255.255.255.255
    nat (inside) 8 San-Juan-I 255.255.255.255
    nat (inside) 8 Router7507 255.255.255.255
    nat (inside) 8 NOCPc4-I 255.255.255.255
    nat (InterfaceSAN) 8 MonitorHITACHI-I 255.255.255.255
