11-11-2010 07:01 AM - edited 03-11-2019 12:07 PM
Hi
I have configured remote access VPN with a local pool on the ASA firewall. However, I'm accessing all the resources (my private network, such as servers) through the ASA firewall after connecting to the VPN, but I can't access the mailing server through webmail (ports like 80). Please check the configs.
11-16-2010 12:16 AM
Hi.....
Yes, I put this command:
route inside 172.16.1.0 255.255.255.0 10.10.20.1
but still not happened.
Thanks.
11-15-2010 09:00 PM
PING is a tool that can also work in suboptimal routing cases. First configure syslogging either in ASDM or to an external syslog server. Then try telnetting 192.168.100.1 on port 80 from the VPN client. Check if a blank screen appears, then filter the syslogs that contain 192.168.100.1 and paste here. Also a network diagram will be helpful.
11-16-2010 12:11 AM
Hi....
Whenever he tried to connect to VPN client port 80, it's not showing a blank screen. Also, I sent a network diagram.
Thanks.
11-17-2010 01:15 AM
The diagram appears to be removed. Can you upload it one more time so I can download it this time? Btw, was the VPN client connected while you ran the route print command in the VPN client? Can you double-check if you can telnet to the mail server on 192.168.100.1 on 80 while the VPN is connected?
Thanks
IMPORTANT: According to the interfaces listed in the route print output in the VPN client, Cisco VPN client is not installed. Are you using the Microsoft client?
11-17-2010 05:32 AM
11-17-2010 07:58 AM
According to the actual configuration, all traffic (including internet) of VPN clients that belong to the nexttoidea group is tried to be routed to the corporate network. But tunnel group nexttoidea is not configured to tunnel-all. The PC that is connected via VPN client selects its local gateway as elected gateway, and traffic is not routed over the tunnel.
In order to prove this theory, right-click the VPN symbol in the notification area and click statistics. While this window is open, open up a browser and type http://192.168.100.2, and most probably the count of encrypted packets does not increment.
Assuming that your security policy does not imply restricting internet access or controlling all traffic of nexttoidea members centrally, I recommend using split tunneling. If you agree with my assumption and you need this VPN just to be able to connect to your networks, while being able to connect to local networks, do the following configuration:
ip local pool next_to_idea 172.16.2.1-172.16.2.10 mask 255.255.255.240
tunnel-group nexttoideavpn general-attributes
no address-pool nexttoidea
address-pool next_to_idea
no ip local pool nexttoidea 182.16.1.1-182.16.1.10 mask 255.255.255.0
no access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.192 182.16.1.0 255.255.255.240
no access-list inside_nat0_outbound extended permit ip 192.168.100.64 255.255.255.192 182.16.1.0 255.255.255.240
no access-list inside_nat0_outbound extended permit ip any 182.16.1.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.128 172.16.2.0 255.255.255.240
access-list outside_cryptomap_20 extended permit ip 192.168.100.0 255.255.255.0 172.16.2.0 255.255.255.240
access-list splitTun_nextoidea standard permit 192.168.100.0 255.255.255.128
group-policy nexttoideavpn attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value splitTun_nextoidea
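A consistency check for the configuration proposed in the reply above, added here as an example (not part of the original post and not Cisco tooling). It confirms that the new pool falls inside the NAT-exemption destination and that the server is inside the split-tunnel network list. The function names are hypothetical, the parser handles only the three command forms quoted in the thread, and `split-tunnel-policy tunnelspecified` is assumed to be in effect.

```python
import ipaddress

# Constructed from the commands quoted in the reply above (proposed configuration).
CONFIG = """\
ip local pool next_to_idea 172.16.2.1-172.16.2.10 mask 255.255.255.240
access-list inside_nat0_outbound extended permit ip 192.168.100.0 255.255.255.128 172.16.2.0 255.255.255.240
access-list splitTun_nextoidea standard permit 192.168.100.0 255.255.255.128
"""

def take_net(tokens):
    """Consume 'any', 'host A' or 'A MASK' from the front of tokens."""
    word = tokens.pop(0)
    if word == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if word == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{word}/{tokens.pop(0)}", strict=False)

def parse(config):
    pools, acls = {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "local", "pool"]:
            first, last = t[4].split("-")
            pools[t[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif t[:1] == ["access-list"] and t[2:5] == ["extended", "permit", "ip"]:
            rest = t[5:]
            acls.setdefault(t[1], []).append((take_net(rest), take_net(rest)))
        elif t[:1] == ["access-list"] and t[2:4] == ["standard", "permit"]:
            acls.setdefault(t[1], []).append((take_net(t[4:]), None))
    return pools, acls

def audit(config, server, nat_acl="inside_nat0_outbound", split_acl="splitTun_nextoidea"):
    """Return findings for one internal server; assumes tunnelspecified is set."""
    pools, acls = parse(config)
    server = ipaddress.ip_address(server)
    findings = []
    # Return traffic server -> pool must match one NAT-exemption entry end to end.
    exempt = [dst for src, dst in acls.get(nat_acl, []) if server in src]
    for name, (first, last) in pools.items():
        if not any(first in d and last in d for d in exempt):
            findings.append(f"pool {name} is not fully covered by {nat_acl} for {server}")
    # With tunnelspecified, only the listed networks are routed into the tunnel.
    if not any(server in net for net, _ in acls.get(split_acl, [])):
        findings.append(f"{server} is not in {split_acl}: client uses its local gateway")
    return findings

if __name__ == "__main__":
    print(audit(CONFIG, "192.168.100.1"), audit(CONFIG, "192.168.100.130"))
```

A server address outside 192.168.100.0/25, or a pool later extended past the /28 used in the exemption entry, shows up as a finding.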
11-17-2010 11:32 PM
Hi......
Yes, I put these commands for the following configuration in the Cisco ASA. After the VPN client is connected, though,
I am not able to ping 192.168.100.1, my server IP.
Kindly do the needful.
Thanks.
11-18-2010 01:34 AM
Please post the new config, and post the output of "route print" again after config update from VPN client when it is connected.
Need the output of following
* Log into ASDM. Apparently logging to ASDM is enabled. Go to Real-Time log viewer. Set logging to Debugging level. In the filter-by section, type in the IP address that the VPN client acquired (172.16.2.x).
Now in VPN client, try to browse http://192.168.100.1 again. After that,
1) Check the real-time viewer. Paste here the logs that occurred.
2) In the VPN client, right-click the VPN icon in the notification area, click statistics, take a screenshot and paste it here.
11-18-2010 10:03 PM
11-21-2010 09:14 PM
Hi.......
I have configured remote access VPN with a local pool on the ASA firewall. However, I am accessing all the resources (my private network, such as servers).
Also, I can access the VPN through webmail. The port is like:
port-object eq 443.
Thanks for your co-operation.
Thanks.
11-21-2010 09:06 PM
Hi.......
I have configured remote access VPN with a local pool on the ASA firewall. However, I am accessing all the resources (my private network, such as servers).
Also, I can access the VPN through webmail. The port is like:
port-object eq 443
Thanks for your co-operation.
Thanks.
11-21-2010 08:53 PM
Hi...........
I have configured the remote access VPN with a local pool on the ASA firewall. However, I am accessing all the resources. Also, I can access the VPN through webmail. The port is like:
port-object eq 443
Thanks for your co-operation.
Thanks.
11-21-2010 09:01 PM
Hi.........
I have configured remote access VPN with a local pool on the ASA firewall. However, I am accessing all the resources (my private network, such as servers).
Also, I can access the VPN through webmail. The port is like:
port-object eq 443
Thanks for your co-operation.
Thanks.
11-16-2010 03:45 AM
"whenever he tried to connected to vpn client port 80"
I didn't understand. I mean, the VPN client should try to telnet to 192.168.100.1 on port 80, not be telnetted to. Instead of pinging the server, use telnet on port 80.
The diagram is useful. Please post the output of the "show ip route" command from the 3560G core switch.
Please post the output of "route print" command from exchange server's command line (cmd).
Please post the output of "show ip route" command from firewall.
Please post the output of "route print" command from the VPN client cmd line
Did you set syslog? Did you get any syslog entries when you tried to connect exchange server on port 80 via telnet from VPN client?
11-17-2010 12:40 AM