02-13-2014 01:13 PM - edited 03-11-2019 08:45 PM
Hope someone can help me. I have been trying for days to solve this issue: I can connect to the ASDM and ping / telnet into the firewall, but as soon as I connect via VPN I cannot ping, telnet or use the ASDM. I can ping other devices on the network and connect to them OK.
Below is the config. Can someone help please?
domain-name local
enable password QvGD1cC5fZNZ0F3G encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool vpnpool 192.168.6.192-192.168.6.254 mask 255.255.255.0
ip local pool VPN 192.168.6.192-192.168.6.254 mask 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
speed 100
duplex full
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.6.1 255.255.255.0
!
interface Vlan2
nameif Internet
security-level 0
ip address 31.111.135.141 255.255.255.248
!
boot config disk0:/startup.cfg
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup inside
dns domain-lookup Internet
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
domain-name local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj-31.149.115.141
host 31.149.115.141
object network obj-192.168.6.0
subnet 192.168.6.0 255.255.255.0
object network obj-192.168.6.192
subnet 192.168.6.192 255.255.255.192
object network obj-192.168.6.0-01
subnet 192.168.6.0 255.255.255.0
object network obj-192.168.6.192-01
subnet 192.168.6.192 255.255.255.192
object network obj-192.168.6.192-02
subnet 192.168.6.192 255.255.255.192
object network NETWORK_OBJ_192.168.6.0_24
subnet 192.168.6.0 255.255.255.0
object network NETWORK_OBJ_192.168.6.192_26
subnet 192.168.6.192 255.255.255.192
object network Filemakerserver
host 192.168.6.12
description filemakerserver
object network vpn
range 192.168.6.192 192.168.6.254
description vpn
object network internaltovpn
subnet 192.168.6.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
access-list inside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.6.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip any 192.168.6.192 255.255.255.192
access-list outside_nat0_outbound extended permit ip 192.168.6.192 255.255.255.192 192.168.6.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip 192.168.6.192 255.255.255.192 host 31.111.135.141
access-list Outside_access_in extended permit ip any any
access-list Outside_access_in extended permit icmp any any
access-list Internet_access_in extended permit ip any any
access-list Internet_access_in extended permit icmp any any
access-list Internet_access_out extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu Internet 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-715-100.bin
no asdm history enable
arp timeout 3600
arp permit-nonconnected
nat (inside,any) source static obj-192.168.6.0 obj-192.168.6.0 destination static obj-192.168.6.192 obj-192.168.6.192 no-proxy-arp route-lookup
nat (inside,any) source static any any destination static obj-192.168.6.192 obj-192.168.6.192 no-proxy-arp route-lookup
nat (inside,Internet) source static any any destination static NETWORK_OBJ_192.168.6.192_26 NETWORK_OBJ_192.168.6.192_26 no-proxy-arp route-lookup
nat (Internet,Internet) source static obj-192.168.6.192 obj-192.168.6.192 destination static obj-31.111.135.141 obj-31.111.135.141 no-proxy-arp route-lookup
!
object network obj-192.168.6.0
nat (inside,Internet) dynamic interface
object network obj-192.168.6.192
nat (Internet,Internet) dynamic interface
object network Filemakerserver
nat (any,Internet) static interface
object network vpn
nat (any,Internet) dynamic interface
object network internaltovpn
nat (any,Internet) dynamic interface
access-group inside_access_in in interface inside
access-group Internet_access_in in interface Internet
access-group Internet_access_out out interface Internet
route Internet 0.0.0.0 0.0.0.0 31.111.135.137 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
no user-identity enable
user-identity default-domain LOCAL
http server enable
http 192.168.6.0 255.255.255.0 inside
http 192.168.6.192 255.255.255.255 Internet
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map0 interface Internet
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=test
keypair Any
crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint0
certificate d5ebf852
308201cb 30820134 a0030201 020204d5 ebf85230 0d06092a 864886f7 0d010105
0500302a 310d300b 06035504 03130474 65737431 19301706 092a8648 86f70d01
0902160a 74657374 2e6c6f63 616c301e 170d3134 30323131 31303034 30375a17
0d323430 32303931 30303430 375a302a 310d300b 06035504 03130474 65737431
19301706 092a8648 86f70d01 0902160a 74657374 2e6c6f63 616c3081 9f300d06
092a8648 86f70d01 01010500 03818d00 30818902 818100c5 bcacd4a0 a1345d9c
68b47d6a fd65af38 adeda627 2cc26c3e e7180780 9a964def 1f801428 1aa05bf5
277e03c7 cdfd22ca eb48bea3 d07ec8f3 a132f98c 15f88262 34b9cfef e7a6cfc7
5e107a71 c66f2888 e3a6a99e 5541db67 e7e421f7 50579074 5747b04f 07bc7f1e
606bd26f 19c02367 bf39737c 93740820 19aaf7cc f8e00702 03010001 300d0609
2a864886 f70d0101 05050003 81810002 87c5543b 3fbb5717 7bd101cb 6c3be1e8
328e3a22 82569e6a e0404655 3f976e1c 81ce4847 0a79b55e 8d5f4372 cbc81781
b94da2e0 e1cbbb8d 7567feed 72d1ce2b 0a5cdd02 d871feba 066322e1 3fd2405e
2f32038c 399c2595 a9bbdf65 2ebf8999 876b0b13 28909a06 4b17bde4 03e0f405
a5dfc699 a823eab8 9512c31b 3234b3
quit
crypto isakmp nat-traversal 30
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable inside client-services port 443
crypto ikev2 enable Internet
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable inside
crypto ikev1 enable Internet
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.6.0 255.255.255.0 inside
telnet 192.168.6.192 255.255.255.255 Internet
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
dhcpd dns 8.8.8.8 8.8.4.4
dhcpd lease 28800
dhcpd ping_timeout 300
dhcpd auto_config Internet vpnclient-wins-override
dhcpd update dns both override
dhcpd option 6 ip 217.170.1.1 83.137.193.83
!
dhcpd address 192.168.6.13-192.168.6.20 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd auto_config Internet vpnclient-wins-override interface inside
dhcpd update dns both override interface inside
dhcpd option 3 ip 192.168.6.1 interface inside
dhcpd option 6 ip 8.8.8.8 8.8.4.4 interface inside
dhcpd option 26 hex 1500 interface inside
dhcpd enable inside
!
no threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter enable
ntp server 17.254.0.28 source Internet prefer
ssl trust-point ASDM_TrustPoint0 Internet
ssl trust-point ASDM_TrustPoint0 inside
webvpn
enable inside
enable Internet
dtls port 65010
anyconnect-essentials
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1
anyconnect profiles anybreda_client_profile disk0:/anybreda_client_profile.xml
anyconnect enable
tunnel-group-list enable
tunnel-group-preference group-url
internal-password enable
group-policy Breda internal
group-policy Breda attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
default-domain value local
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
group-policy clientless internal
group-policy clientless attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list none
username admin password ZPLiO3x5AcuboyCi encrypted privilege 15
tunnel-group Breda type remote-access
tunnel-group Breda general-attributes
address-pool VPN
default-group-policy Breda
tunnel-group Breda ipsec-attributes
ikev1 pre-shared-key xxxxxxx
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
hpm topN enable
Cryptochecksum:47bc1f606259042a27fe70059700b737
: end
asdm image disk0:/asdm-715-100.bin
no asdm history enable
regards
Neil
02-14-2014 08:10 AM
Neil
Can you try adding -
management-access inside
and then you should be able to connect to the inside interface via VPN.
Jon
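One way to check a running-config dump for this condition before touching the box, as an added example that is not part of the thread or Cisco's own tooling: the script below parses the `ip local pool`, `http`/`ssh`/`telnet` and `management-access` lines, and reports whether VPN-pool clients would be allowed to manage the ASA on its inside address. It assumes the documented ASA behaviour that, without `management-access <interface>`, a VPN client terminating on the outside interface cannot ping or open ASDM/SSH/telnet to the inside interface IP. The sample config is a constructed excerpt modelled on the one posted above; the function names and the `inside` interface name are assumptions.

```python
import ipaddress
import re

# Constructed excerpt modelled on the running-config posted in the thread
# (only the lines relevant to management access are included).
SAMPLE_CONFIG = """\
ip local pool VPN 192.168.6.192-192.168.6.254 mask 255.255.255.0
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.6.1 255.255.255.0
http server enable
http 192.168.6.0 255.255.255.0 inside
http 192.168.6.192 255.255.255.255 Internet
telnet 192.168.6.0 255.255.255.0 inside
telnet 192.168.6.192 255.255.255.255 Internet
tunnel-group Breda general-attributes
 address-pool VPN
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)")
MGMT_RE = re.compile(r"^(http|ssh|telnet) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)\s*$")
MGMT_ACCESS_RE = re.compile(r"^management-access (\S+)\s*$")


def parse_pools(config):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pools = {}
    for line in config.splitlines():
        m = POOL_RE.match(line.strip())
        if m:
            pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                                 ipaddress.ip_address(m.group(3)))
    return pools


def parse_mgmt_rules(config):
    """Return [(protocol, network, interface)] for http/ssh/telnet permit lines."""
    rules = []
    for line in config.splitlines():
        m = MGMT_RE.match(line.strip())
        if m:
            # ASA writes 'address netmask'; ipaddress accepts 'address/netmask'.
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            rules.append((m.group(1), net, m.group(4)))
    return rules


def management_access_interface(config):
    """Return the interface named by 'management-access', or None if the command is absent."""
    for line in config.splitlines():
        m = MGMT_ACCESS_RE.match(line.strip())
        if m:
            return m.group(1)
    return None


def pool_coverage(pool, rules, protocol, interface):
    """How much of the pool the (protocol, interface) rules permit: 'full', 'partial' or 'none'."""
    first, last = pool
    nets = [net for proto, net, ifc in rules if proto == protocol and ifc == interface]
    addrs = [ipaddress.ip_address(i) for i in range(int(first), int(last) + 1)]
    allowed = sum(1 for a in addrs if any(a in n for n in nets))
    if allowed == len(addrs):
        return "full"
    return "partial" if allowed else "none"


def audit(config, inside="inside"):
    """List findings explaining whether VPN clients can manage the ASA on its inside address."""
    findings = []
    pools = parse_pools(config)
    rules = parse_mgmt_rules(config)
    if management_access_interface(config) != inside:
        findings.append(f"missing 'management-access {inside}': VPN clients cannot reach "
                        f"the {inside} IP for http/ssh/telnet/icmp")
    # Only check protocols the config actually permits somewhere.
    protocols = sorted({proto for proto, _, _ in rules})
    for name, pool in pools.items():
        for proto in protocols:
            cov = pool_coverage(pool, rules, proto, inside)
            if cov != "full":
                findings.append(f"pool {name}: {proto} on {inside} covers {cov} of the pool")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG) or ["no findings"]:
        print(finding)
```

On the excerpt as posted, the only finding is the missing `management-access inside`; appending that one line clears the audit, because the existing `http`/`telnet 192.168.6.0 255.255.255.0 inside` statements already cover every pool address once clients are allowed to reach the inside IP.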
02-15-2014 10:20 AM
As Jon has mentioned, you need to add the management-access inside command to be able to ping, SSH or ASDM into your firewall.
--
Please remember to rate and select a correct answer
02-14-2014 10:07 AM
Hi,
My guess is that you want to ping your fileserver when you are connected to the VPN. Is that right? Please describe your problem again.
Regards
Parosh