05-12-2016 03:24 AM - edited 03-05-2019 04:00 AM
Hello,
Could someone help me with this issue?
- I need to make a connection in Cisco ASA to connect a VPN user to only a single server.
We have many servers on our network, and I need to make a profile for one certain user so that he uses only one specific server via a VPN connection from outside.
He needs to be connected to only that server, and not be able to see other servers on the LAN network.
How to do this? Please, someone help.
I have created that specific user in our AD group; he has access to log in to our network via a VPN connection.
Please help with a step-by-step guide.
Thank you very much.
Gordan
05-12-2016 06:54 AM
Gordan
There are several ways that you could achieve your requirement to limit what this one user can access, such as using a VPN filter, but I will suggest that the better solution would be to use Dynamic Access Policy. When you use DAP it can look into the authentication information from AD and identify the specific user, and then it can apply an access policy that is unique to that user which would permit that user to access only the server that you identify.
HTH
Rick
05-13-2016 04:57 AM
Thank you Rick for your help.
After I configured the connection and tested that it is working fine, this is what I got from the end user.
He is able to connect with VPN, and he can only access server 192.168.80.20. His user and pass are OK.
''I checked and concluded the following. The address which should be the address for me (192.168.80.20), after establishing a VPN, was assigned to me. With that I lost all other network connections to the rest of my local network and the rest of the world (including your domain). So not good. Be sure to keep in mind that establishing a VPN connection does not violate other network settings that I need (I need to have the possibility of access to my network over your VPN).''
Does this mean that he got assigned IP address x.x.80.20?
What am I doing wrong and where?
Thank you.
05-13-2016 12:40 PM
Gordan
It is difficult for me to understand much of what he says. But I do not believe that it says that he was assigned x.x.80.20.
His comment about losing connection to his local network and to the outside suggests that you have configured this VPN to tunnel everything. And when you tunnel all traffic it does frequently result in losing connection to the remote local lan and perhaps losing Internet connectivity. There is an option in configuring the VPN to allow connectivity to the local lan and there is an option in configuring the VPN to allow Internet connectivity (perhaps by configuring split tunneling or by providing a default route for tunneled traffic). Whether it is appropriate to use these features will depend on your security policy.
HTH
Rick
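Rick's first reply names the VPN filter and this reply names split tunneling; the following ASA configuration, added here as an illustration and not taken from the thread, shows both applied to one remote-access user. The vpn-filter permits the tunnel to carry traffic only to 192.168.80.20 (the server named later in the thread), and the split-tunnel list keeps the client's own local network and Internet traffic out of the tunnel. The ACL names VPN_ONE_SERVER and SPLIT_ONE_SERVER, the group policy GP_ONE_SERVER and the username alice are assumed; only the server address comes from the thread.

```text
! Added example, not from the thread. Names are assumed; 192.168.80.20 is the
! server from the thread.
!
! 1. Traffic filter for the tunnel. The ASA evaluates a vpn-filter ACL against
!    both directions of the session; the rule is written both ways so that it
!    holds whichever side the platform treats as "source". Anything not listed
!    is dropped by the implicit deny at the end of the ACL.
access-list VPN_ONE_SERVER extended permit ip any host 192.168.80.20
access-list VPN_ONE_SERVER extended permit ip host 192.168.80.20 any
!
! 2. Split-tunnel list (standard ACL): only this host is routed into the
!    tunnel, so the client keeps its local LAN and Internet access, which is
!    the "lost my local network" symptom reported above.
access-list SPLIT_ONE_SERVER standard permit host 192.168.80.20
!
! 3. Group policy that ties the two together.
group-policy GP_ONE_SERVER internal
group-policy GP_ONE_SERVER attributes
 vpn-filter value VPN_ONE_SERVER
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ONE_SERVER
!
! 4. Bind the policy to the one user. Shown with a local username for
!    readability; with AD/RADIUS authentication the same binding is done by the
!    RADIUS server returning Class (IETF attribute 25) = "OU=GP_ONE_SERVER;",
!    or by a DAP record that matches that user.
username alice attributes
 vpn-group-policy GP_ONE_SERVER
```

After the user connects, `show vpn-sessiondb detail anyconnect filter name alice` lists the session with the filter name in effect, which is the quickest check that the restriction was actually applied to the session and not just configured.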
05-29-2016 11:06 PM
Hello Richard,
I got up and running what I needed; the entire catch was making a split tunnel and assigning the specific user over the RADIUS server, so he can connect to the specific server.
It's OK now.
I have another help question.
I need to have a logging message sent to me, or to a specific email, which will tell me or notify me when a certain VPN user, or a VPN s-t-s, has connected to the network and our ASA, and when he has finished the session.
I have tried everything, but I cannot get it running.
Where is the catch?
Thank you
05-30-2016 12:14 AM
Gordan
I am glad that you got your user working as required using Radius to assign the user and by specifying split tunneling.
Getting a notice when a particular user connects via VPN or when a particular site-to-site VPN comes up may be a bit tricky. I am not aware of a direct way to do it on the ASA. At one time I worked with a customer whose Network Management System received notices when site-to-site VPNs went down or came up. If you have an NMS monitoring your ASA you might be able to get it to generate a notice to you.
The other alternative that occurs to me is to use EEM to generate the notice, assuming that the version of ASA code that you are running has support for EEM. EEM can check syslog messages for certain content (I have used the syslog message that is generated when a VPN user is assigned an IP address) and when EEM sees that message for that user then it can generate a notice to you.
HTH
Rick
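Rick's EEM idea keys on the syslog message the ASA emits when a VPN user is assigned an address. As an added illustration (not from the thread, and an alternative to EEM rather than a transcript of it), the ASA can also hand a short list of exactly those session messages to an SMTP relay, which yields the "who connected, who disconnected" mail without an NMS. The message IDs used are 722051 (address assigned to a remote-access session), 113039 (AnyConnect parent session started), 113019 (session disconnected) and 602303/602304 (IPsec SA created/deleted, which is what a site-to-site tunnel coming up or going down produces). The relay address, sender and recipient are placeholders.

```text
! Added example, not from the thread. Addresses are placeholders.
logging enable
logging timestamp
!
! SMTP relay the ASA hands the mail to, plus sender and recipient. The
! recipient level is informational because 722051, 113039 and 602303 are
! level-6 messages and a stricter recipient level would filter them out.
smtp-server 192.0.2.25
logging from-address asa@example.com
logging recipient-address secops@example.com level informational
!
! A message list so that only the session events are mailed, not every
! level-6 message the firewall produces. logging mail sends one mail per
! message, so keep this list short.
logging list VPN_SESSION_EVENTS message 722051
logging list VPN_SESSION_EVENTS message 113039
logging list VPN_SESSION_EVENTS message 113019
logging list VPN_SESSION_EVENTS message 602303
logging list VPN_SESSION_EVENTS message 602304
logging mail VPN_SESSION_EVENTS
```

Two caveats a practitioner will hit: the list selects by message ID, not by username, so every VPN user's session events are mailed and the one-user filter has to live in the mailbox rule or the syslog collector; and 602303/602304 are logged for each IPsec SA, so a long-lived site-to-site tunnel produces them again at every rekey, not only when the tunnel comes up or goes down. On ASA code that supports EEM (9.2 and later), `event manager applet` with `event syslog id 722051` is the on-box hook Rick describes; it runs CLI actions in response to the same message rather than sending mail.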