ASA 5580 remote access VPN problem

gasparmenendez, Level 6

Hi friends, I already configured a VPN connection between a PC (with a public IP address) and my ASA 5580 for testing purposes. The problem is that I need to ping a subnet (192.168.199.0/24) behind the ASA from the PC connected through the VPN, but I can't; I've been trying a lot of things but it is nearly impossible. I really need every bit of help I can get in order to solve this issue. When I run a packet-tracer on the ASA I get:

ASA5580# packet-trace input outside icmp 192.168.239.2 8 0 192.168.199.33

Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (INSIDE_Prueba,OUTSIDE) source static redvpn redvpn destination static NETWORK_OBJ_192.168.239.0_25 NETWORK_OBJ_192.168.239.0_25 no-proxy-arp
Additional Information:
NAT divert to egress interface INSIDE_Prueba
Untranslate 192.168.199.33/0 to 192.168.199.33/0

Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group OUTSIDE_access_in in interface OUTSIDE
access-list OUTSIDE_access_in extended permit ip any any
Additional Information:

Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 5
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:

Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect icmp
service-policy global_policy global
Additional Information:

Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:

Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:

Result:
input-interface: OUTSIDE
input-status: up
input-line-status: up
output-interface: INSIDE_Prueba
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

 

Obviously, the PC connected to the LAN behind the ASA has IP address 192.168.199.33 and the other one, with a public IP address, gets 192.168.239.2 when the VPN comes up. Can anybody help me please???

Thanks in advance. BR.
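As an added example (not part of the original post), here is a small Python parser for the packet-tracer output shown above: it splits the trace into phases, returns the first phase whose Result is DROP, and pulls the short code out of the final Drop-reason line. The sample is an abridged copy of the output quoted above, embedded inline.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged copy of the packet-tracer output quoted above
# (phases 3-7 omitted; they all ALLOW).
SAMPLE = """\
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list

Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (INSIDE_Prueba,OUTSIDE) source static redvpn redvpn destination static NETWORK_OBJ_192.168.239.0_25 NETWORK_OBJ_192.168.239.0_25 no-proxy-arp
Additional Information:
NAT divert to egress interface INSIDE_Prueba
Untranslate 192.168.199.33/0 to 192.168.199.33/0

Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: DROP
Config:
Additional Information:

Result:
input-interface: OUTSIDE
input-status: up
input-line-status: up
output-interface: INSIDE_Prueba
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""


@dataclass
class Phase:
    number: int
    type: str = ""
    subtype: str = ""
    result: str = ""
    config: list = field(default_factory=list)   # lines under "Config:"
    info: list = field(default_factory=list)     # lines under "Additional Information:"


def parse_packet_tracer(text):
    """Split packet-tracer output into Phase records plus the trailing Result: summary."""
    phases, summary = [], {}
    current, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Phase:"):
            current = Phase(int(line.split(":", 1)[1]))
            phases.append(current)
            section = None
            continue
        if line == "Result:":              # a bare "Result:" opens the final summary block
            current, section = None, "summary"
            continue
        if section == "summary":
            key, _, value = line.partition(":")
            summary[key.strip()] = value.strip()
            continue
        if current is None:
            continue
        if line == "Config:":
            section = "config"
            continue
        if line == "Additional Information:":
            section = "info"
            continue
        if section == "config":
            current.config.append(line)
        elif section == "info":
            current.info.append(line)
        else:                               # phase header lines: Type / Subtype / Result
            key, _, value = line.partition(":")
            if key in ("Type", "Subtype", "Result"):
                setattr(current, key.lower(), value.strip())
    return phases, summary


def first_drop(phases):
    """The first phase whose Result is DROP, or None when the trace allowed the flow."""
    return next((p for p in phases if p.result == "DROP"), None)


def drop_code(summary):
    """Extract the short code, e.g. 'acl-drop', from the Drop-reason line."""
    m = re.match(r"\((?P<code>[^)]+)\)", summary.get("Drop-reason", ""))
    return m.group("code") if m else None
```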

16 Replies

Hi gasparmenendez,

Can you post the ASA 5580 config related to the VPN, with the NAT exemption you have configured?

Spooster IT Services Team

Here it is:

 


object network 192.168.239.0
 subnet 192.168.239.0 255.255.255.128
 description 192.168.239.0
object network NETWORK_OBJ_192.168.239.0_25
 subnet 192.168.239.0 255.255.255.128
object network pool-vpn-prueba
 subnet 192.168.239.0 255.255.255.128
object-group network redvpn
 network-object object 192.168.199.0


 
access-list INSIDE_Prueba_access_in extended permit ip object 192.168.199.0 any

access-list ACL-tunel-vpn-prueba standard permit 192.168.239.0 255.255.255.0
access-list ACL-tunel-vpn-prueba standard permit 192.168.199.0 255.255.255.0

access-list INSIDE_Prueba_access_out extended permit ip 192.168.199.0 255.255.255.0 any

ip local pool pool-vpn-prueba 192.168.239.1-192.168.239.100 mask 255.255.255.0


nat (INSIDE_Prueba,OUTSIDE) source static redvpn redvpn destination static NETWORK_OBJ_192.168.239.0_25 NETWORK_OBJ_192.168.239.0_25 no-proxy-arp

nat (CARRIERS,OUTSIDE) after-auto source dynamic any interface
nat (INSIDE_Prueba,OUTSIDE) after-auto source dynamic any interface

nat (OUTSIDE,OUTSIDE) after-auto source static pool-vpn-prueba interface no-proxy-arp
access-group OUTSIDE_access_in in interface OUTSIDE
access-group CARRIERS_access_in in interface CARRIERS
access-group CARRIERS_access_out out interface CARRIERS
access-group INSIDE_Prueba_access_in in interface INSIDE_Prueba
access-group INSIDE_Prueba_access_out out interface INSIDE_Prueba


crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map INSIDE_Prueba_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map INSIDE_Prueba_map interface INSIDE_Prueba
crypto map OUTSIDE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_map interface OUTSIDE
crypto ikev1 enable OUTSIDE
crypto ikev1 enable INSIDE_Prueba
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha     
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha     
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha     
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access INSIDE_Prueba
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
group-policy policiy-tunel-vpn-prueba-all internal
group-policy policiy-tunel-vpn-prueba-all attributes
 dns-server value 209.244.0.3 209.244.0.4
 vpn-tunnel-protocol ikev1 ssl-clientless
 split-tunnel-policy tunnelall
group-policy policiy-tunel-vpn-prueba-split internal
group-policy policiy-tunel-vpn-prueba-split attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL-tunel-vpn-prueba

tunnel-group tunel-vpn-prueba type remote-access
tunnel-group tunel-vpn-prueba general-attributes
 address-pool pool-vpn-prueba
 default-group-policy policiy-tunel-vpn-prueba-split
tunnel-group tunel-vpn-prueba ipsec-attributes
 ikev1 pre-shared-key *****

 

I think that would be all, but maybe I missed some lines related to what you asked. If you need anything else please let me know.

Thanks.

1) What happens when you try to ping from the remote PC (192.168.239.x) to the LAN server/PC (192.168.199.x) instead of using the packet-tracer command?

2) Are you able to set up the VPN session successfully, or do you get some error while connecting?

3) Are you inspecting the ICMP traffic?

4) You need to allow the traffic in the outbound ACL INSIDE_Prueba_access_out. Following is the command.

access-list INSIDE_Prueba_access_out extended permit ip 192.168.239.0 255.255.255.128 192.168.199.0 255.255.255.0

Spooster IT Services Team

First of all, the command you refer to in 4) made no difference, and about your other questions:

1) nothing happens

2) VPN comes up fast and without any errors

3) How and where can I inspect ICMP traffic??

Thanks.

I ran a tcpdump on the internal PC while pinging it from the PC connected through the VPN, and the internal PC receives the packets and replies... I think the ASA is not permitting traffic in both directions. Here's the tcpdump:

gaspar@gaspar-Lenovo-ideapad-310-15ISK ~ $ sudo tcpdump -i enp1s0 | grep 192.168.239.3
[sudo] password for gaspar:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
13:23:17.968146 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 843, length 40
13:23:17.968170 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 843, length 40
13:23:22.946540 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 844, length 40
13:23:22.946573 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 844, length 40
13:23:27.958995 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 845, length 40
13:23:27.959013 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 845, length 40
13:23:32.946256 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 846, length 40
13:23:32.946275 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 846, length 40
13:23:37.954738 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 847, length 40
13:23:37.954762 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 847, length 40
13:23:42.953934 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 848, length 40
13:23:42.953967 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 848, length 40
13:23:47.973584 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 849, length 40
13:23:47.973605 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 849, length 40
13:23:52.953619 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 850, length 40
13:23:52.953646 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 850, length 40
13:23:57.964301 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 851, length 40
13:23:57.964323 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 851, length 40
13:24:02.945082 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 852, length 40
13:24:02.945104 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 852, length 40
13:24:07.957750 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 853, length 40
13:24:07.957770 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 853, length 40
13:24:12.950293 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 854, length 40
13:24:12.950342 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 854, length 40
13:24:17.946094 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 855, length 40
13:24:17.946115 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 855, length 40
13:24:22.958903 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 856, length 40
13:24:22.958924 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 856, length 40
13:24:27.954405 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 857, length 40
13:24:27.954426 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 857, length 40
^C14559 packets captured
14576 packets received by filter
0 packets dropped by kernel
38 packets dropped by interface

no more help?????

Try to add the following command:-

access-list INSIDE_Prueba_access_in extended permit ip 192.168.199.0 255.255.255.0 192.168.239.0 255.255.255.128

 

Establish a VPN session between the ASA and the VPN client. Set up captures at the ASA. Following are the commands to set up the capture:

access-list TEST extended permit ip 192.168.199.0 255.255.255.0 192.168.239.0 255.255.255.128

access-list TEST extended permit ip 192.168.239.0 255.255.255.128 192.168.199.0 255.255.255.0 

capture CAP interface INSIDE_Prueba access-list TEST buffer 100000

 

and post the following outputs:-

1) show capture CAP 

2) sh conn | in 192.168.239.
3) sh xlate | in 192.168.239.

Spooster IT Services Team

After doing what you said:

 

ASA5580# show capture CAP

14 packets captured

   1: 16:08:46.154761 192.168.239.3 > 192.168.199.33: icmp: echo request
   2: 16:08:51.163581 192.168.239.3 > 192.168.199.33: icmp: echo request
   3: 16:08:56.157538 192.168.239.3 > 192.168.199.33: icmp: echo request
   4: 16:09:01.151466 192.168.239.3 > 192.168.199.33: icmp: echo request
   5: 16:09:06.160025 192.168.239.3 > 192.168.199.33: icmp: echo request
   6: 16:09:11.153083 192.168.239.3 > 192.168.199.33: icmp: echo request
   7: 16:09:16.152442 192.168.239.3 > 192.168.199.33: icmp: echo request
   8: 16:09:21.147285 192.168.239.3 > 192.168.199.33: icmp: echo request
   9: 16:09:26.154044 192.168.239.3 > 192.168.199.33: icmp: echo request
  10: 16:09:31.170050 192.168.239.3 > 192.168.199.33: icmp: echo request
  11: 16:09:36.157401 192.168.239.3 > 192.168.199.33: icmp: echo request
  12: 16:09:41.177358 192.168.239.3 > 192.168.199.33: icmp: echo request
  13: 16:09:46.171698 192.168.239.3 > 192.168.199.33: icmp: echo request
  14: 16:09:51.165473 192.168.239.3 > 192.168.199.33: icmp: echo request
14 packets shown

 

ASA5580# sh conn | in 192.168.239. shows nothing, but:

 

ASA5580# sh conn | in 192.168.239.3
ICMP OUTSIDE 192.168.239.3:1 INSIDE_Prueba 192.168.199.33:0, idle 0:00:01, bytes 32

 

and:

ASA5580# sh xlate | in 192.168.239.
NAT from OUTSIDE:192.168.239.0/25 to INSIDE_Prueba:192.168.239.0/25
NAT from OUTSIDE:192.168.239.0/25 to OUTSIDE:170.80.240.2

 

Forgive me for asking, but is what I want to do so hard???
Thanks.

There is one-way traffic in the ASA captures. This means either the inbound ACL is dropping the return traffic, or the server has wrong default gateway settings or a wrong route for the 192.168.239.0/24 subnet.

 

Verify the following:-

 

1) ASA's INSIDE_Prueba interface ACL. (Post the output of "show access-list INSIDE_Prueba_access_in" and "show access-list INSIDE_Prueba_access_out".)

 

2) Default Gateway of server

 

3) Route entries at the server (post the output of the "route print" command).

Spooster IT Services Team
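The one-way check made in the reply above can be automated. As an added example that is not part of the thread, the following Python tallies ICMP echo requests and replies per client/server pair from either an ASA "show capture" listing or a host tcpdump, and flags pairs whose requests never saw a reply at that capture point; the sample captures are constructed, abridged from the outputs quoted earlier in the thread.

```python
import re
from collections import defaultdict

# Echo request/reply lines as printed by "show capture" on the ASA and by tcpdump on a host.
ICMP_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) > (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):"
    r"\s*icmp:?\s*echo (?P<kind>request|reply)",
    re.IGNORECASE,
)

# Constructed samples, abridged from the two captures quoted in the thread.
ASA_CAPTURE = """\
14 packets captured
   1: 16:08:46.154761 192.168.239.3 > 192.168.199.33: icmp: echo request
   2: 16:08:51.163581 192.168.239.3 > 192.168.199.33: icmp: echo request
   3: 16:08:56.157538 192.168.239.3 > 192.168.199.33: icmp: echo request
14 packets shown
"""

HOST_TCPDUMP = """\
13:23:17.968146 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 843, length 40
13:23:17.968170 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 843, length 40
13:23:22.946540 IP 192.168.239.3 > 192.168.199.30: ICMP echo request, id 1, seq 844, length 40
13:23:22.946573 IP 192.168.199.30 > 192.168.239.3: ICMP echo reply, id 1, seq 844, length 40
"""


def tally_echo(text):
    """Count echo requests and replies per (client, server) pair.

    A reply travels server -> client, so it is credited to the (client, server)
    key; both halves of one ping exchange land in the same bucket.
    """
    flows = defaultdict(lambda: {"requests": 0, "replies": 0})
    for line in text.splitlines():
        m = ICMP_RE.search(line)
        if not m:
            continue
        src, dst, kind = m.group("src"), m.group("dst"), m.group("kind").lower()
        if kind == "request":
            flows[(src, dst)]["requests"] += 1
        else:
            flows[(dst, src)]["replies"] += 1
    return dict(flows)


def classify(text):
    """Label every (client, server) pair seen at this capture point."""
    labels = {}
    for pair, c in tally_echo(text).items():
        if c["requests"] and c["replies"]:
            labels[pair] = "symmetric"
        elif c["requests"]:
            labels[pair] = "one-way"        # requests seen, no reply came back through here
        else:
            labels[pair] = "replies-only"   # reply seen without its request: asymmetric path
    return labels


def one_way_flows(text):
    """Sorted (client, server) pairs whose echo requests never got a reply at this point."""
    return sorted(p for p, label in classify(text).items() if label == "one-way")
```

Run over the two samples, the ASA capture reports the 192.168.239.3 to 192.168.199.33 pair as one-way while the host tcpdump reports its pair as symmetric, which is the asymmetry the reply above points at.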

ASA5580# show access-list INSIDE_Prueba_access_in
access-list INSIDE_Prueba_access_in; 6 elements; name hash: 0xafbf4ce6
access-list INSIDE_Prueba_access_in line 1 extended permit ip 192.168.62.0 255.255.255.0 any (hitcnt=39561) 0x716f37f7
access-list INSIDE_Prueba_access_in line 2 extended permit ip object 172.16.99.0 any (hitcnt=90342246) 0x4427b2ed
  access-list INSIDE_Prueba_access_in line 2 extended permit ip 172.16.99.0 255.255.255.0 any (hitcnt=90342246) 0x4427b2ed
access-list INSIDE_Prueba_access_in line 3 extended permit ip object 192.168.199.0 any (hitcnt=155560) 0x168ba1f4
  access-list INSIDE_Prueba_access_in line 3 extended permit ip 192.168.199.0 255.255.255.0 any (hitcnt=155560) 0x168ba1f4
access-list INSIDE_Prueba_access_in line 4 extended permit ip object 10.228.0.0 any (hitcnt=1599026) 0xa793330c
  access-list INSIDE_Prueba_access_in line 4 extended permit ip 10.228.0.0 255.255.240.0 any (hitcnt=1599026) 0xa793330c
access-list INSIDE_Prueba_access_in line 5 extended permit ip 10.227.224.0 255.255.252.0 192.168.199.0 255.255.255.0 (hitcnt=0) 0xa4d41a0d
access-list INSIDE_Prueba_access_in line 6 extended permit ip 192.168.199.0 255.255.255.0 192.168.239.0 255.255.255.128 (hitcnt=0) 0xc9b601cc

 

ASA5580# show access-list INSIDE_Prueba_access_out
access-list INSIDE_Prueba_access_out; 4 elements; name hash: 0x68c766de
access-list INSIDE_Prueba_access_out line 1 extended permit ip 10.227.224.0 255.255.252.0 any (hitcnt=7363) 0x6bf6b718
access-list INSIDE_Prueba_access_out line 2 extended permit ip 192.168.199.0 255.255.255.0 any (hitcnt=0) 0xbde038cd
access-list INSIDE_Prueba_access_out line 3 extended permit ip any object 172.16.99.0 (hitcnt=0) 0x6622900f
  access-list INSIDE_Prueba_access_out line 3 extended permit ip any 172.16.99.0 255.255.255.0 (hitcnt=669327) 0x6622900f
access-list INSIDE_Prueba_access_out line 4 extended permit ip 192.168.239.0 255.255.255.128 192.168.199.0 255.255.255.0 (hitcnt=0) 0x9aa43cbf

 

Picture attached with the default gateway of the server and the route entries.

Thanks!

Whose IP is 192.168.199.254?

It seems that something is wrong with the ASA configuration. Can you post the ASA's full config? Please remember to remove the sensitive information before posting (like public IPs, passwords etc.)

Spooster IT Services Team


ASA5580# sh running-config
: Saved
:
ASA Version 8.4(5)
!
hostname ASA5580
enable password TFy5Z encrypted
passwd 2KFQnbNIdI encrypted
names
!
interface Management0/0
 nameif management
 security-level 0
 ip address 192.168.0.44 255.255.255.0
!
interface Management0/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3/0
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet3/2
 nameif CARRIERS
 security-level 30
 ip address 10.227.224.3 255.255.252.0
!
interface GigabitEthernet3/3
 nameif INSIDE_Prueba
 security-level 40
 ip address 192.168.62.254 255.255.255.0
!
interface TenGigabitEthernet5/0
 nameif CMTS
 security-level 50
 ip address 192.168.61.9 255.255.255.0
!
interface TenGigabitEthernet5/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface TenGigabitEthernet7/0
 nameif OUTSIDE
 security-level 0
 ip address 170.X.X.2 255.255.255.240
!
interface TenGigabitEthernet7/1
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network 10.19.0.0
 subnet 10.19.0.0 255.255.0.0
object network 170.X.X.3
 host 170.X.X.3
object network 170.X.X.4
 host 170.X.X.4
object network 170.X.X.5
 host 170.X.X.5
object network 170.X.X.6
 host 170.X.X.6
object network 170.X.X.7
 host 170.X.X.7
object network 170.X.X.8
 host 170.X.X.8
object network 170.X.X.9
 host 170.X.X.9
object network 170.X.X.10
 host 170.X.X.10
object network 170.X.X.11
 host 170.X.X.11
object network 170.X.X.12
 host 170.X.X.12
object network 170.X.X.13
 host 170.X.X.13
object network 170.X.X.14
 host 170.X.X.14
object network 10.27.0.0
 subnet 10.27.0.0 255.255.0.0
object network 10.25.0.0
 subnet 10.25.0.0 255.255.0.0
object network 10.9.0.0
 subnet 10.9.0.0 255.255.0.0
object network 10.39.0.0
 subnet 10.39.0.0 255.255.0.0
object network 10.11.0.0
 subnet 10.11.0.0 255.255.0.0
object network 10.35.0.0
 subnet 10.35.0.0 255.255.0.0
object network 10.33.0.0
 subnet 10.33.0.0 255.255.0.0
object network 10.13.0.0
 subnet 10.13.0.0 255.255.0.0
object network 10.17.0.0
 subnet 10.17.0.0 255.255.0.0
object network 10.37.0.0
 subnet 10.37.0.0 255.255.0.0
object network 10.41.0.0
 subnet 10.41.0.0 255.255.0.0
object network 10.45.0.0
 subnet 10.45.0.0 255.255.0.0
object network 170.X.X.16
 host 170.X.X.16
object network 170.X.X.17
 host 170.X.X.17
object network 170.X.X.18
 host 170.X.X.18
object network 170.X.X.19
 host 170.X.X.19
object network 170.X.X.20
 host 170.X.X.20
object network 170.X.X.21
 host 170.X.X.21
object network 170.X.X.22
 host 170.X.X.22
object network 170.X.X.23
 host 170.X.X.23
object network 170.X.X.24
 host 170.X.X.24
object network 170.X.X.25
 host 170.X.X.25
object network 10.47.0.0
 subnet 10.47.0.0 255.255.0.0
object network 170.X.X.26
 host 170.X.X.26
object network 170.X.X.27
 host 170.X.X.27
object network 170.X.X.28
 host 170.X.X.28
object network 170.X.X.29
 host 170.X.X.29
object network 170.X.X.30
 host 170.X.X.30
object network 170.X.X.31
 host 170.X.X.31
object network 10.49.0.0
 subnet 10.49.0.0 255.255.0.0
object network Prueba-10.227.225.210
 host 10.227.225.210
object network 10.227.225.210
 host 10.227.225.210
object network 172.16.99.0
 subnet 172.16.99.0 255.255.255.0
object network 172.16.99.22
 host 172.16.99.22
object network 10.50.0.0
 subnet 10.50.0.0 255.255.0.0
object network 10.51.0.0
 subnet 10.51.0.0 255.255.0.0
object network 10.227.225.20
 host 10.227.225.20
object network CentroValle_1930
 host 10.227.225.20
object network CentroValle_1946
 host 10.227.225.20
object network 170.X.X.2
 host 170.X.X.2
object network Stgo4646_3050
 host 10.44.0.130
object network 10.44.0.130
 host 10.44.0.130
object network 192.168.199.0
 subnet 192.168.199.0 255.255.255.0
object network 10.227.225.41
 host 10.227.225.41
object network Administracion_FTTH_NuevoIdeal
 subnet 10.16.10.0 255.255.255.0
 description Administracion FTTH Nuevo Ideal
object network 10.228.0.0
 subnet 10.228.0.0 255.255.240.0
 description 10.228.0.0
object network 192.168.239.0
 subnet 192.168.239.0 255.255.255.128
 description 192.168.239.0
object network NETWORK_OBJ_192.168.239.0_25
 subnet 192.168.239.0 255.255.255.128
object network pool-vpn-prueba
 subnet 192.168.239.0 255.255.255.128
object network Pool_CMTS_Stgo
 range 170.X.X.8 170.X.X.9
object network 10.227.225.12
 host 10.227.225.12
object network AutopartesStgo_Suc_NI_81
 host 10.227.225.12
object network AutopartesStgo_Suc_NI_554
 host 10.227.225.12
object network AutopartesStgo_Suc_NI_8000
 host 10.227.225.12
object network 10.227.225.31
 host 10.227.225.31
object network Ferrepisos_NI_3389
 host 10.227.225.31
object network Ferrepisos_NI_8081
 host 10.227.225.31
object network 10.227.225.21
 host 10.227.225.21
object network 10.227.225.22
 host 10.227.225.22
object network 170.X.X.80
 host 170.X.X.80
object network 170.X.X.81
 host 170.X.X.81
object network 170.X.X.82
 host 170.X.X.82
object network 10.227.225.29
 host 10.227.225.29
object network 10.227.225.39
 host 10.227.225.39
object network 170.X.X.83
 host 170.X.X.83
object network 170.X.X.84
 host 170.X.X.84
object network 170.X.X.85
 host 170.X.X.85
object network 192.168.199.29
 host 192.168.199.29
 description Gaspar
object network 10.227.224.11
 host 10.227.224.11
 description CACTI_Carrier
object network CACTI_Carrier
 host 10.227.224.11
object network 10.227.224.0
 subnet 10.227.224.0 255.255.252.0
object network ALTAI
 host 172.16.99.22
object-group network redvpn
 network-object object 192.168.199.0
access-list CARRIERS_access_in extended permit ip 10.227.224.0 255.255.252.0 any
access-list CARRIERS_access_out extended permit ip any 10.227.224.0 255.255.252.0
access-list CARRIERS_access_out extended permit ip 192.168.199.0 255.255.255.0 10.227.224.0 255.255.252.0
access-list OUTSIDE_access_in remark ALTAI
access-list OUTSIDE_access_in extended permit ip any object 172.16.99.22
access-list OUTSIDE_access_in remark Centro Valle
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.20 eq 1930
access-list OUTSIDE_access_in remark Centro Valle
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.20 eq 1946
access-list OUTSIDE_access_in remark Stgo Contrato 4646
access-list OUTSIDE_access_in extended permit tcp any object 10.44.0.130 eq 3050
access-list OUTSIDE_access_in remark Prueba
access-list OUTSIDE_access_in extended permit ip any object 10.227.225.210
access-list OUTSIDE_access_in remark Gasolinera Holanda
access-list OUTSIDE_access_in extended permit ip any object 10.227.225.41
access-list OUTSIDE_access_in remark AutopartesStgo_Suc_NI
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.12 eq 81
access-list OUTSIDE_access_in remark AutopartesStgo_Suc_NI
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.12 eq rtsp
access-list OUTSIDE_access_in remark AutopartesStgo_Suc_NI
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.12 eq 8000
access-list OUTSIDE_access_in remark Ferrepisos_NI
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.31 eq 3389
access-list OUTSIDE_access_in remark Ferrepisos_NI
access-list OUTSIDE_access_in extended permit tcp any object 10.227.225.31 eq 8081
access-list OUTSIDE_access_in remark Gasolinera Samantha
access-list OUTSIDE_access_in extended permit ip any object 10.227.225.21
access-list OUTSIDE_access_in remark Gasolinera CM
access-list OUTSIDE_access_in extended permit ip any object 10.227.225.22
access-list OUTSIDE_access_in remark Farmacia Economica NI
access-list OUTSIDE_access_in extended permit ip any object 10.227.225.39
access-list OUTSIDE_access_in remark Caja Hipodromo NI
access-list OUTSIDE_access_in extended permit ip any object 10.227.225.29
access-list OUTSIDE_access_in remark CACTI_Carrier
access-list OUTSIDE_access_in extended permit ip any object 10.227.224.11
access-list OUTSIDE_access_in extended permit ip any any
access-list INSIDE_Prueba_access_in extended permit ip 192.168.62.0 255.255.255.0 any
access-list INSIDE_Prueba_access_in extended permit ip object 172.16.99.0 any
access-list INSIDE_Prueba_access_in extended permit ip object 192.168.199.0 any
access-list INSIDE_Prueba_access_in extended permit ip object 10.228.0.0 any
access-list INSIDE_Prueba_access_in extended permit ip 10.227.224.0 255.255.252.0 192.168.199.0 255.255.255.0
access-list INSIDE_Prueba_access_in extended permit ip 192.168.199.0 255.255.255.0 192.168.239.0 255.255.255.128
access-list ACL-tunel-vpn-prueba standard permit 192.168.239.0 255.255.255.0
access-list ACL-tunel-vpn-prueba standard permit 192.168.199.0 255.255.255.0
access-list INSIDE_Prueba_access_out extended permit ip 10.227.224.0 255.255.252.0 any
access-list INSIDE_Prueba_access_out extended permit ip 192.168.199.0 255.255.255.0 any
access-list INSIDE_Prueba_access_out extended permit ip any object 172.16.99.0
access-list INSIDE_Prueba_access_out extended permit ip 192.168.239.0 255.255.255.128 192.168.199.0 255.255.255.0
access-list TEST extended permit ip 192.168.199.0 255.255.255.0 192.168.239.0 255.255.255.128
access-list TEST extended permit ip 192.168.239.0 255.255.255.128 192.168.199.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu management 1500
mtu OUTSIDE 1500
mtu CARRIERS 1500
mtu INSIDE_Prueba 1500
mtu CMTS 1500
ip local pool pool-vpn-prueba 192.168.239.1-192.168.239.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any OUTSIDE
icmp permit any CARRIERS
icmp permit any echo CARRIERS
icmp permit any echo-reply CARRIERS
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (CMTS,OUTSIDE) source dynamic 10.19.0.0 170.X.X.16
nat (CMTS,OUTSIDE) source dynamic 10.27.0.0 170.X.X.17
nat (CMTS,OUTSIDE) source dynamic 10.25.0.0 170.X.X.18
nat (CMTS,OUTSIDE) source dynamic 10.9.0.0 170.X.X.12
nat (CMTS,OUTSIDE) source dynamic 10.39.0.0 170.X.X.20
nat (CMTS,OUTSIDE) source dynamic 10.11.0.0 170.X.X.11
nat (CMTS,OUTSIDE) source dynamic 10.35.0.0 170.X.X.22
nat (CMTS,OUTSIDE) source dynamic 10.33.0.0 170.X.X.23
nat (CMTS,OUTSIDE) source dynamic 10.13.0.0 170.X.X.13
nat (CMTS,OUTSIDE) source dynamic 10.17.0.0 170.X.X.25
nat (CMTS,OUTSIDE) source dynamic 10.37.0.0 170.X.X.26
nat (CMTS,OUTSIDE) source dynamic 10.41.0.0 170.X.X.27
nat (CMTS,OUTSIDE) source dynamic 10.33.0.0 170.X.X.29
nat (CMTS,OUTSIDE) source dynamic 10.47.0.0 170.X.X.21
nat (CMTS,OUTSIDE) source dynamic 10.49.0.0 170.X.X.24
nat (CARRIERS,OUTSIDE) source static 10.227.225.210 170.X.X.3
nat (CARRIERS,OUTSIDE) source static 10.227.225.41 170.X.X.82 description Gasolinera Holanda
nat (INSIDE_Prueba,OUTSIDE) source dynamic 10.228.0.0 170.X.X.10
nat (CMTS,OUTSIDE) source dynamic 10.51.0.0 pat-pool Pool_CMTS_Stgo
nat (CARRIERS,OUTSIDE) source static 10.227.225.21 170.X.X.80 description Gasolinera Samantha
nat (CARRIERS,OUTSIDE) source static 10.227.225.22 170.X.X.81 description Gasolinera CM
nat (CARRIERS,OUTSIDE) source static 10.227.225.39 170.X.X.83
nat (CARRIERS,OUTSIDE) source static 10.227.225.29 170.X.X.84
nat (INSIDE_Prueba,OUTSIDE) source static redvpn redvpn destination static NETWORK_OBJ_192.168.239.0_25 NETWORK_OBJ_192.168.239.0_25 no-proxy-arp
!             
object network CentroValle_1930
 nat (CARRIERS,OUTSIDE) static interface service tcp 1930 11930
object network CentroValle_1946
 nat (CARRIERS,OUTSIDE) static interface service tcp 1946 11946
object network Stgo4646_3050
 nat (CMTS,OUTSIDE) static 170.X.X.28 service tcp 3050 13050
object network AutopartesStgo_Suc_NI_81
 nat (CARRIERS,OUTSIDE) static interface service tcp 81 10081
object network AutopartesStgo_Suc_NI_554
 nat (CARRIERS,OUTSIDE) static interface service tcp rtsp 10554
object network AutopartesStgo_Suc_NI_8000
 nat (CARRIERS,OUTSIDE) static interface service tcp 8000 18000
object network Ferrepisos_NI_3389
 nat (CARRIERS,OUTSIDE) static interface service tcp 3389 13389
object network Ferrepisos_NI_8081
 nat (CARRIERS,OUTSIDE) static interface service tcp 8081 18081
object network CACTI_Carrier
 nat (CARRIERS,OUTSIDE) static 170.X.X.6
object network ALTAI
 nat (INSIDE_Prueba,OUTSIDE) static 170.X.X.4
!
nat (CARRIERS,OUTSIDE) after-auto source dynamic any interface
nat (INSIDE_Prueba,OUTSIDE) after-auto source dynamic any interface
nat (CMTS,OUTSIDE) after-auto source dynamic 10.45.0.0 170.X.X.28
nat (OUTSIDE,OUTSIDE) after-auto source static pool-vpn-prueba interface no-proxy-arp
access-group OUTSIDE_access_in in interface OUTSIDE
access-group CARRIERS_access_in in interface CARRIERS
access-group CARRIERS_access_out out interface CARRIERS
access-group INSIDE_Prueba_access_out out interface INSIDE_Prueba
route OUTSIDE 0.0.0.0 0.0.0.0 170.X.X.1 1
route CMTS 10.8.0.0 255.255.0.0 192.168.61.102 1
route CMTS 10.9.0.0 255.255.0.0 192.168.61.102 1
route CMTS 10.10.0.0 255.255.0.0 192.168.61.101 1
route CMTS 10.11.0.0 255.255.0.0 192.168.61.101 1
route CMTS 10.12.0.0 255.255.0.0 192.168.61.114 1
route CMTS 10.13.0.0 255.255.0.0 192.168.61.114 1
route CMTS 10.16.0.0 255.255.0.0 192.168.61.112 1
route CMTS 10.17.0.0 255.255.0.0 192.168.61.112 1
route CMTS 10.18.0.0 255.255.0.0 192.168.61.111 1
route CMTS 10.19.0.0 255.255.0.0 192.168.61.111 1
route CMTS 10.24.0.0 255.255.0.0 192.168.61.122 1
route CMTS 10.25.0.0 255.255.0.0 192.168.61.122 1
route CMTS 10.26.0.0 255.255.0.0 192.168.61.123 1
route CMTS 10.27.0.0 255.255.0.0 192.168.61.123 1
route CMTS 10.32.0.0 255.255.0.0 192.168.61.130 1
route CMTS 10.33.0.0 255.255.0.0 192.168.61.130 1
route CMTS 10.34.0.0 255.255.0.0 192.168.61.131 1
route CMTS 10.35.0.0 255.255.0.0 192.168.61.131 1
route CMTS 10.36.0.0 255.255.0.0 192.168.61.132 1
route CMTS 10.37.0.0 255.255.0.0 192.168.61.132 1
route CMTS 10.38.0.0 255.255.0.0 192.168.61.133 1
route CMTS 10.39.0.0 255.255.0.0 192.168.61.133 1
route CMTS 10.40.0.0 255.255.0.0 192.168.61.134 1
route CMTS 10.41.0.0 255.255.0.0 192.168.61.134 1
route CMTS 10.44.0.0 255.255.0.0 192.168.61.135 1
route CMTS 10.45.0.0 255.255.0.0 192.168.61.135 1
route CMTS 10.46.0.0 255.255.0.0 192.168.61.137 1
route CMTS 10.47.0.0 255.255.0.0 192.168.61.137 1
route CMTS 10.48.0.0 255.255.0.0 192.168.61.138 1
route CMTS 10.49.0.0 255.255.0.0 192.168.61.138 1
route CMTS 10.50.0.0 255.255.0.0 192.168.61.139 1
route CMTS 10.51.0.0 255.255.0.0 192.168.61.139 1
route INSIDE_Prueba 10.228.0.0 255.255.0.0 192.168.62.253 1
route INSIDE_Prueba 172.16.99.0 255.255.255.0 192.168.62.253 1
route INSIDE_Prueba 192.168.199.0 255.255.255.0 192.168.62.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 management
snmp-server host management 192.168.0.2 community ***** udp-port 161
snmp-server location Site-Dg
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map INSIDE_Prueba_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map INSIDE_Prueba_map interface INSIDE_Prueba
crypto map OUTSIDE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_map interface OUTSIDE
crypto ikev1 enable OUTSIDE
crypto ikev1 enable INSIDE_Prueba
crypto ikev1 policy 10
 authentication crack
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 20
 authentication rsa-sig
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 40
 authentication crack
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 50
 authentication rsa-sig
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 60
 authentication pre-share
 encryption aes-192
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 70
 authentication crack
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 80
 authentication rsa-sig
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 90
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 100
 authentication crack
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 110
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 120
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 130
 authentication crack
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 140
 authentication rsa-sig
 encryption des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 150
 authentication pre-share
 encryption des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 management
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access INSIDE_Prueba
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
group-policy policiy-tunel-vpn-prueba-all internal
group-policy policiy-tunel-vpn-prueba-all attributes
 dns-server value 209.244.0.3 209.244.0.4
 vpn-tunnel-protocol ikev1 ssl-clientless
 split-tunnel-policy tunnelall
group-policy policiy-tunel-vpn-prueba-split internal
group-policy policiy-tunel-vpn-prueba-split attributes
 vpn-tunnel-protocol ikev1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ACL-tunel-vpn-prueba
username fermin password vWzuhgp2s encrypted privilege 15
username gaspar password uFhUyhgi encrypted privilege 15
username extra password Mgi9n5u3x encrypted privilege 15
tunnel-group tunel-vpn-prueba type remote-access
tunnel-group tunel-vpn-prueba general-attributes
 address-pool pool-vpn-prueba
 default-group-policy policiy-tunel-vpn-prueba-split
tunnel-group tunel-vpn-prueba ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly 7
  subscribe-to-alert-group configuration periodic monthly 7
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:b209f3af7ae5cf8467a
: end

I see that subnet 192.168.199.0 is not directly connected to the ASA. It has a route pointing towards 192.168.62.253.

1) Whose IP is 192.168.62.253?

In the server's route print output I noticed that the server has a default gateway of 192.168.199.254.

2) Whose IP is 192.168.199.254?

Spooster IT Services Team

Sorry about the delay, my friend....

192.168.62.253 and 192.168.199.254 are VLAN IP addresses on the Sw 3750 connected directly to the ASA. Here is what I have on my Sw 3750:

interface GigabitEthernet1/0/5
 description *** Interfaz prueba ASA5580 ***
 switchport access vlan 62
 switchport mode access
 switchport nonegotiate

interface Vlan62
 description *** Prueba CMTS 2 ***
 ip address 192.168.62.253 255.255.255.0

interface Vlan199
 description *** Pruebas Level3 ***
 ip address 192.168.199.254 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.62.254

Please let me know if you need anything else.

Thanks.
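An added example, not from the thread or from Cisco tooling, that models the forward and return paths the replies are probing: a longest-prefix-match trace over the ASA route lines, the 3750's Vlan62/Vlan199 addresses and default route, and the server's default gateway quoted above. It assumes that 192.168.62.254 is the ASA's INSIDE_Prueba address, that the VPN pool is 192.168.239.0/25 with 192.168.239.2 as a connected client, and that the server is 192.168.199.33; none of these is confirmed in this part of the thread.

```python
import ipaddress

# Constructed topology (not the thread's configs verbatim). ASSUMPTIONS:
# 192.168.62.254 is the ASA's INSIDE_Prueba address, 192.168.239.0/25 is the
# VPN pool (reached through the tunnel), 192.168.239.2 is a connected client.
DEVICES = {
    "ASA": {"addrs": {"192.168.62.254"},
            "routes": [("192.168.62.0/24", None),            # connected
                       ("192.168.239.0/25", None),           # pool, via tunnel
                       ("192.168.199.0/24", "192.168.62.253")]},
    "SW3750": {"addrs": {"192.168.62.253", "192.168.199.254"},
               "routes": [("192.168.62.0/24", None), ("192.168.199.0/24", None),
                          ("0.0.0.0/0", "192.168.62.254")]},
    "SERVER": {"addrs": {"192.168.199.33"},
               "routes": [("192.168.199.0/24", None), ("0.0.0.0/0", "192.168.199.254")]},
    "VPN-CLIENT": {"addrs": {"192.168.239.2"}, "routes": []},
}

def lookup(devices, device, dst):
    """Longest-prefix match on one device's table; None means directly connected."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, nh in devices[device]["routes"]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else "NO-ROUTE"

def owner(devices, addr):
    """Which device holds this address (None if nobody in the model does)."""
    return next((d for d, v in devices.items() if addr in v["addrs"]), None)

def trace(devices, src, dst, max_hops=8):
    """Walk hop by hop; the last element reports DELIVERED, DROP or LOOP."""
    path, dev = [src], src
    for _ in range(max_hops):
        nh = lookup(devices, dev, dst)
        if nh == "NO-ROUTE":
            return path + ["DROP: no route on " + dev]
        if nh is None:  # connected LAN: hand the packet to the host owning dst
            host = owner(devices, dst)
            return path + ([host] if host and host != dev else []) + ["DELIVERED"]
        nh_dev = owner(devices, nh)
        if nh_dev is None:  # the gateway is not a device we know: the reply dies here
            return path + ["DROP: next hop " + nh + " is not a known device"]
        path.append(nh_dev)
        dev = nh_dev
    return path + ["LOOP"]
```

Run trace(DEVICES, "ASA", "192.168.199.33") for the forward leg and trace(DEVICES, "SERVER", "192.168.239.2") for the return leg; if the 3750's default route pointed at an address the ASA does not own, the return trace would end in a DROP, which is exactly the symptom of a one-way ping.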

Hi my friend,

Did you see my last post?

Thanks.
