When I try to use my vpn client to connect to another ASA firewall from home, my home ASA seems to block it. The VPN seems to connect, I cant use any services.

Been reading various description of the problem and tried to fix it, but no luck so far. Hope someone could help here, I'm just starting out with the ASA.

Config follows:

: Saved

:

ASA Version 8.4(1)

!

hostname troll

domain-name hemma

enable password qo.OrRMCak4uVCfZ encrypted

passwd XXXXX encrypted

names

!

interface Vlan1

nameif inside

security-level 100

ip address 192.168.1.1 255.255.255.0

!

interface Vlan2

mac-address AAAA.BBBB.CCCC

nameif outside

security-level 0

ip address dhcp

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

ftp mode passive

dns domain-lookup inside

dns server-group DefaultDNS

name-server 8.8.8.8

name-server 8.8.4.4

domain-name hemma

object network obj_any

subnet 0.0.0.0 0.0.0.0

object network outside-network

host 123.123.123.123

description outside-network

access-list inside_access_in extended permit ip any any

pager lines 24

logging enable

logging asdm errors

mtu inside 1500

mtu outside 1500

icmp unreachable rate-limit 1 burst-size 1

no asdm history enable

arp timeout 14400

!

nat (inside,outside) after-auto source dynamic any interface

access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 123.123.123.123 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-record DfltAccessPolicy

aaa authentication enable console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart

crypto isakmp nat-traversal 3600

crypto ikev1 enable outside

telnet timeout 5

ssh scopy enable

ssh 192.168.1.0 255.255.255.0 inside

ssh timeout 60

ssh version 2

console timeout 0

management-access inside

dhcp-client client-id interface outside

dhcpd address 192.168.1.5-192.168.1.36 inside

dhcpd dns 192.168.1.1 8.8.4.4 interface inside

dhcpd domain troll interface inside

dhcpd enable inside

!

threat-detection basic-threat

threat-detection statistics access-list

no threat-detection statistics tcp-intercept

webvpn

username test password password encrypted privilege 0

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect ipsec-pass-thru

policy-map type inspect ipsec-pass-thru map_name

parameters

  esp

  ah

!

service-policy global_policy global

prompt hostname context

call-home

profile CiscoTAC-1

  no active

  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

  destination address email callhome@cisco.com

  destination transport-method http

  subscribe-to-alert-group diagnostic

  subscribe-to-alert-group environment

  subscribe-to-alert-group inventory periodic monthly

  subscribe-to-alert-group configuration periodic monthly

  subscribe-to-alert-group telemetry periodic daily

Cryptochecksum:e775asc3beasc8basc8234356457782234asc34a234sc2

: endf

no asdm history enable