04-15-2020 07:33 AM
So I am having much difficulty with a VPN connection.
I have a site-to-site connection to IP 204.90.187.158, the tunnel is down and I cannot ping it.
I also have an access list "101" that pertains to the connection.
Is it possible to apply an ACL only to a specific VPN connection?
I had a recent issue with not being able to ping the LAN from the AnyConnect VPN and have since corrected that, but somehow broke the site-to-site connection in the process. I am not sure how to correct this issue. Please help?
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.04.15 10:11:59 =~=~=~=~=~=~=~=~=~=~=~=
show running-config
: Saved
:
ASA Version 8.2(5)
!
hostname XtremeV3
domain-name default.domain.invalid
enable password *** encrypted
passwd *** encrypted
multicast-routing
names
name 10.102.1.49 FTP-Server
name 198.133.250.19 GSX-INTERNAL description GSX-INTERNAL
name 10.102.1.84 DVR_Camera
name 10.102.1.52 ERP description MANMAN
name 10.103.1.0 VPN_Network_Range
ddns update method 65.32.1.70
 ddns both
 interval maximum 1 0 0 0
!
ddns update method 65.32.1.65
 ddns both
 interval maximum 1 0 0 0
!
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
 switchport trunk allowed vlan 1,5
 switchport trunk native vlan 1
 switchport mode trunk
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.102.1.1 255.255.255.0
 ospf cost 10
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 67.78.158.186 255.255.255.248
 igmp forward interface inside
 ospf cost 10
!
interface Vlan5
 nameif Guest-VLAN
 security-level 10
 ip address 10.0.0.1 255.255.255.0
!
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 208.67.222.222
 name-server 208.67.220.220
 name-server 65.32.1.65
 name-server 65.32.1.70
 domain-name default.domain.invalid
dns server-group OpenDNS
 name-server 208.67.222.222
 name-server 208.67.220.220
 domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Reflection tcp
 port-object eq 1570
object-group network STATIC-PAT
object-group service NVRCamera tcp
 description NVR access
 port-object eq 7443
object-group service HTTP_camera tcp
 port-object eq 7080
object-group service RDP tcp
 port-object eq 3389
object-group network VPN
access-list inside_nat0_outbound extended permit ip any 10.102.1.16 255.255.255.240
access-list outside_access_in extended permit ip any any inactive
access-list outside_access_in extended permit tcp any 67.78.158.184 255.255.255.248 object-group NVRCamera
access-list outside_access_in extended permit tcp any interface outside object-group HTTP_camera
access-list inside_outbound_nat0_acl extended permit ip host 10.102.1.10 host GSX-INTERNAL
access-list inside_outbound_nat0_acl extended permit ip host 10.102.1.10 host 198.133.250.39
access-list inside_outbound_nat0_acl extended permit ip host 67.78.158.187 host GSX-INTERNAL
access-list inside_outbound_nat0_acl extended permit ip host 67.78.158.187 host 198.133.250.39
access-list inside_outbound_nat0_acl extended permit ip 10.102.1.0 255.255.255.0 67.78.158.184 255.255.255.248
access-list inside_outbound_nat0_acl extended permit ip 10.102.1.0 255.255.255.0 VPN_Network_Range 255.255.255.0
access-list Locan_lan_access remark VNP client local lan access
access-list Locan_lan_access standard permit host 0.0.0.0
access-list Locan_lan_access remark VNP client local lan access
access-list Locan_lan_access remark VNP client local lan access
access-list Locan_lan_access remark VNP client local lan access
access-list Locan_lan_access remark VNP client local lan access
access-list Locan_lan_access remark VNP client local lan access
access-list outside_1_cryptomap extended permit ip host 10.102.1.10 host GSX-INTERNAL
access-list outside_1_cryptomap extended permit ip host 10.102.1.10 host 198.133.250.39
access-list outside_1_cryptomap extended permit ip host 67.78.158.187 host GSX-INTERNAL
access-list outside_1_cryptomap extended permit ip host 67.78.158.187 host 198.133.250.39
access-list 101 extended permit ip host GSX-INTERNAL host ERP
access-list 101 extended permit ip host 204.90.187.158 host ERP
access-list 101 extended permit esp host GSX-INTERNAL host ERP
access-list 101 extended permit esp host 204.90.187.158 host ERP
access-list 101 extended permit tcp host GSX-INTERNAL host ERP
access-list 101 extended permit tcp host 204.90.187.158 host ERP
access-list 101 extended permit tcp host GSX-INTERNAL host 67.78.158.186
access-list 101 extended permit tcp host 204.90.187.158 host 67.78.158.186
access-list 101 extended permit ip host 198.133.250.39 host ERP
access-list 101 extended permit esp host 198.133.250.39 host ERP
access-list 101 extended permit tcp host 198.133.250.39 host ERP
access-list 101 extended permit tcp host 198.133.250.39 host 67.78.158.186
access-list 101 extended permit ip host 198.133.250.39 host 10.102.1.10
access-list 101 extended permit esp host 198.133.250.39 host 10.102.1.10
access-list 101 extended permit tcp host 198.133.250.39 host 10.102.1.10
access-list 101 extended permit ip host GSX-INTERNAL host 10.102.1.10
access-list 101 extended permit esp host GSX-INTERNAL host 10.102.1.10
access-list 101 extended permit tcp host GSX-INTERNAL host 10.102.1.10
access-list 101 extended permit ip host GSX-INTERNAL host 67.78.158.187
access-list 101 extended permit ip host 204.90.187.158 host 67.78.158.187
access-list 101 extended permit esp host GSX-INTERNAL host 67.78.158.187
access-list 101 extended permit esp host 204.90.187.158 host 67.78.158.187
access-list 101 extended permit tcp host GSX-INTERNAL host 67.78.158.187
access-list 101 extended permit tcp host 204.90.187.158 host 67.78.158.187
access-list 101 extended permit ip host 198.133.250.39 host 67.78.158.187
access-list 101 extended permit esp host 198.133.250.39 host 67.78.158.187
access-list 101 extended permit tcp host 198.133.250.39 host 67.78.158.187
access-list 101 extended permit ip host 65.182.161.9 any
access-list Split_Tunnel_List remark Network behind the ASA Firewall.
access-list Split_Tunnel_List standard permit 10.102.1.16 255.255.255.240
access-list Split_Tunnel_List standard permit host FTP-Server
access-list Split_Tunnel_List standard permit host ERP
access-list Split_Tunnel_List standard permit host 10.102.1.10
access-list Split_Tunnel_List standard permit 10.102.1.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended deny tcp any any eq smtp
access-list inside_nat0_outbound_1 extended permit ip any VPN_Network_Range 255.255.255.0
access-list vpn-dflt-access extended permit ip 10.102.1.0 255.255.255.0 VPN_Network_Range 255.255.255.0
access-list vpn-dflt-access extended permit ip VPN_Network_Range 255.255.255.0 10.102.1.0 255.255.255.0
access-list split-acl standard permit 10.102.1.0 255.255.255.0
access-list NONAT extended permit ip 10.102.1.0 255.255.255.0 VPN_Network_Range 255.255.255.0
access-list Split-Tunnel standard permit 10.102.1.0 255.255.255.0
access-list Split-Tunnel standard permit VPN_Network_Range 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.102.1.0 255.255.255.0
pager lines 24
logging enable
logging list VPNLogging level informational class vpn
logging buffer-size 16384
logging buffered informational
logging trap informational
logging asdm informational
logging class auth asdm informational
mtu inside 1500
mtu outside 1500
mtu Guest-VLAN 1500
ip local pool xtremv3 10.103.1.31-10.103.1.80 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp deny any outside
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0
nat (Guest-VLAN) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 7443 DVR_Camera 7443 netmask 255.255.255.255
static (inside,outside) tcp interface 7080 DVR_Camera 7080 netmask 255.255.255.255
static (inside,outside) 67.78.158.187 ERP netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 67.78.158.185 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
nac-policy DfltGrpPolicy-nac-framework-create nac-framework
 reval-period 36000
 sq-period 300
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 65.182.161.9 255.255.255.255 outside
http 10.102.1.0 255.255.255.0 inside
http 67.78.158.190 255.255.255.255 outside
http 65.182.188.212 255.255.255.255 outside
http 202.164.41.226 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec fragmentation after-encryption inside
crypto ipsec fragmentation after-encryption outside
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 204.90.187.158
crypto map outside_map 1 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ca certificate map DefaultCertificateMap 10
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 3600
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
crypto isakmp policy 30
 authentication crack
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp nat-traversal 100
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5
telnet 10.102.1.90 255.255.255.255 inside
telnet ERP 255.255.255.255 inside
telnet 10.102.1.70 255.255.255.255 inside
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcp-client update dns server both
dhcpd auto_config outside
!
dhcpd address 10.0.0.100-10.0.0.254 Guest-VLAN
dhcpd dns 8.8.8.8 8.8.4.4 interface Guest-VLAN
dhcpd lease 11520 interface Guest-VLAN
dhcpd enable Guest-VLAN
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 129.6.15.28 source outside
webvpn
 enable inside
 enable outside
 anyconnect-essentials
 svc image disk0:/anyconnect-win-2.4.1012-k9.pkg 1
 svc image disk0:/anyconnect-macosx-i386-2.5.6005-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy DfltGrpPolicy attributes
 dns-server value 208.67.222.222 208.67.220.220
 vpn-simultaneous-logins 10
 vpn-filter value vpn-dflt-access
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
 default-domain value default.domain.invalid
 nac-settings value DfltGrpPolicy-nac-framework-create
 address-pools value xtremv3
 webvpn
  svc keepalive none
  svc rekey method ssl
  svc dpd-interval client none
  svc dpd-interval gateway none
  svc compression deflate
  customization value DfltCustomization
group-policy vthree-na internal
group-policy vthree-na attributes
 wins-server none
 dns-server value 208.67.222.222 208.67.220.220
 vpn-idle-timeout 47
 vpn-tunnel-protocol IPSec l2tp-ipsec svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 default-domain value default.domain.invalid
 address-pools value xtremv3
tunnel-group DefaultL2LGroup general-attributes
 default-group-policy vthree-na
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
 address-pool xtremv3
 authorization-server-group LOCAL
 default-group-policy vthree-na
tunnel-group DefaultRAGroup ipsec-attributes
 pre-shared-key *****
 peer-id-validate nocheck
 isakmp ikev1-user-authentication none
tunnel-group DefaultRAGroup ppp-attributes
 authentication pap
 authentication ms-chap-v2
 authentication eap-proxy
tunnel-group DefaultWEBVPNGroup general-attributes
 address-pool xtremv3
 default-group-policy vthree-na
 password-management password-expire-in-days 5
tunnel-group vthree-na type remote-access
tunnel-group vthree-na general-attributes
 address-pool (inside) xtremv3
 address-pool xtremv3
 authorization-server-group LOCAL
 default-group-policy vthree-na
 username-from-certificate use-entire-name
tunnel-group vthree-na ipsec-attributes
 pre-shared-key *****
 peer-id-validate nocheck
 isakmp ikev1-user-authentication none
tunnel-group cisco type remote-access
tunnel-group cisco general-attributes
 address-pool xtremv3
 default-group-policy vthree-na
tunnel-group cisco ipsec-attributes
 pre-shared-key *****
tunnel-group 204.90.187.158 type ipsec-l2l
tunnel-group 204.90.187.158 general-attributes
 default-group-policy vthree-na
tunnel-group 204.90.187.158 ipsec-attributes
 pre-shared-key *****
tunnel-group-map enable rules
tunnel-group-map default-group vthree-na
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no compression svc http-comp
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum: :
end
XtremeV3(config)#
04-15-2020 08:37 AM
Hello,
You need to have a crypto map that matches access list 101. The only map I see is this:
crypto map outside_map 1 match address outside_1_cryptomap
Do you have the configuration of the other side as well?
04-15-2020 08:42 AM
Hi George,
I do not have control over the other side of the tunnel. So I am unsure of all the configs there.
04-15-2020 08:48 AM
You ask this question: "Is it possible to apply an acl list only to a specific VPN connection". I am not clear exactly what you are getting at. There are multiple ways that an access list can be used. The most common use is to filter traffic as it goes in or out through an interface. But an access list can also be used to define interesting traffic for a VPN. In the context of defining interesting traffic, it is certainly possible to apply an access list only to a specific VPN connection. In the context of filtering traffic on an interface, it is difficult to see how you would apply an acl only to a specific VPN connection.
You mention access list 101 and I do see that access list in the configuration. But I do not see that this acl is applied to anything. Can you clarify what this access list is intended for?
You mention site to site vpn and also remote access vpn. Can you clarify if the site to site used to work and then in making changes for the remote access vpn that the site to site stopped working? If so can you tell us what issue you were working on for remote access vpn and what you changed?
04-15-2020 09:31 AM
Hi Rick,
I'll try and answer your questions as best as I can as I am a novice with Cisco.
The AnyConnect VPN was having issues after I changed the VPN pool range to include more IP addresses. No one could ping any of the LAN resources from the remote access VPN after I modified the pool.
The VPN remote access connections were changed to use NONAT and they are working now, but the rules for the "101" are no longer applied in the access list (which is why you don't see them applied).
However, if I do try to apply them, the LAN is no longer pingable from the VPN.
Ok, so I wanted to know if I could apply 101 ONLY to the site-to-site VPN as a separate rule set. Is that possible?
04-15-2020 10:55 AM
Or will I have to modify all the rules and remove the NONAT?
04-15-2020 11:48 AM
Hello,
follow the guide below. It is for Anyconnect SSL, but it should work for any remote access VPN:
https://grumpy-networkers-journal.readthedocs.io/en/latest/NETWORKING/VPNS/SSL/SSLVPNACASA8x.html
04-15-2020 11:55 AM
I would not think that increasing the size of the address pool for remote access vpn should impact site to site vpn. And I am not clear how implementing no nat would fix the problem with the size of the pool. But I can imagine that implementing no nat for remote access vpn might impact the site to site.
I am not clear how access list 101 was applied before. Perhaps you can clarify that?
You talk about applying an access list to a single vpn and I am not clear exactly what you mean. In the crypto map is a statement that specifies an access list to identify traffic to be encrypted. Currently your config uses access list outside_1_cryptomap for this. Are you suggesting using 101 instead? Or are you suggesting something else instead?
In terms of why the site to site vpn is not coming up, as a first step can you verify that the ASA is able to access the IP address of the peer? It might help identify the problem if you would run debug crypto isakmp, try to send some traffic through the vpn, and post any debug output.
04-15-2020 12:17 PM
I am wondering if using cryptomap pointing to "101" access list may fix the issue since those are all the rules pertaining to the site-to-site, but I am not an expert. As of right now I cannot ping the peer address (204.90.187.158) of the VPN and the ASDM shows no IPSec active connection.
04-16-2020 02:21 AM
You ask if using acl 101 in the crypto map might fix the problem. While I am still not clear what was the intention of acl 101 I am pretty sure that using it in the crypto map will not fix the problem. I would expect that the acl used in the crypto map would specify inside addresses as the source and outside addresses as the destination, but acl 101 consistently uses outside addresses as the source and inside addresses as the destination.
I wondered if changes you made for nat0 for remote access vpn might have impacted the site to site vpn. But in looking at the nat0 rules it does include the site to site addresses. So I do not believe this is the issue.
If you are not able to ping the remote peer address that would be a problem for bringing up the vpn. I think we should focus on this issue. Where are you doing the ping from?
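An added example for the two points raised above (whether ACL 101 is actually bound to anything, and whether its entries are the right shape for a crypto map). The Python below is not from this thread or from Cisco: it parses a constructed excerpt of the pasted running-config (same ACL names and addresses, indented the way show running-config prints them) and reports which access-lists are defined but referenced nowhere, which ACL filters a given tunnel-group's sessions (the vpn-filter on its group-policy, inherited from DfltGrpPolicy when the policy leaves it unset; that attribute is the ASA mechanism for binding an ACL to one VPN connection), and which entries of a would-be crypto-map ACL have a source address that is not local. The function names and the local_nets parameter are mine.

```python
"""Audit access-list usage in a Cisco ASA 8.x running-config.
Added example for this thread, not the poster's or Cisco's tooling; SAMPLE_CONFIG is a
constructed excerpt modelled on the config pasted above and all function names are mine."""
import ipaddress
import re
from collections import defaultdict

SAMPLE_CONFIG = """\
name 10.102.1.52 ERP
name 198.133.250.19 GSX-INTERNAL
name 10.103.1.0 VPN_Network_Range
access-list inside_outbound_nat0_acl extended permit ip host 10.102.1.10 host GSX-INTERNAL
access-list outside_1_cryptomap extended permit ip host 10.102.1.10 host GSX-INTERNAL
access-list outside_1_cryptomap extended permit ip host 67.78.158.187 host 198.133.250.39
access-list 101 extended permit ip host GSX-INTERNAL host ERP
access-list 101 extended permit tcp host 204.90.187.158 host 67.78.158.186
access-list inside_access_in extended permit ip any any
access-list vpn-dflt-access extended permit ip 10.102.1.0 255.255.255.0 VPN_Network_Range 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.102.1.0 255.255.255.0
access-list NONAT extended permit ip 10.102.1.0 255.255.255.0 VPN_Network_Range 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
access-group inside_access_in in interface inside
crypto map outside_map 1 match address outside_1_cryptomap
group-policy DfltGrpPolicy attributes
 vpn-filter value vpn-dflt-access
group-policy vthree-na attributes
 split-tunnel-network-list value SPLIT_TUNNEL
tunnel-group 204.90.187.158 general-attributes
 default-group-policy vthree-na
"""

def parse_config(text):
    """Collect name aliases, ACL entries, every place an ACL is bound, and VPN policy links."""
    cfg = {"names": {}, "acls": defaultdict(list), "refs": defaultdict(list),
           "group_policies": defaultdict(dict), "tunnel_groups": defaultdict(dict)}
    section = None  # group-policy / tunnel-group whose indented attribute block we are in
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := re.match(r"name (\S+) (\S+)", line):
            cfg["names"][m[2]] = m[1]
        elif m := re.match(r"access-list (\S+) (.*)", line):
            cfg["acls"][m[1]].append(m[2])
        elif m := re.match(r"access-group (\S+) (?:in|out) interface (\S+)", line):
            cfg["refs"][m[1]].append(f"access-group on interface {m[2]}")
        elif m := re.match(r"nat \((\S+)\) \d+ access-list (\S+)", line):
            cfg["refs"][m[2]].append(f"nat exemption on {m[1]}")
        elif m := re.match(r"crypto map (\S+) (\d+) match address (\S+)", line):
            cfg["refs"][m[3]].append(f"crypto map {m[1]} entry {m[2]}")
        elif m := re.match(r"(?:group-policy|tunnel-group) (\S+) \S*attributes", line):
            section = m[1]
        elif section and (m := re.match(r"(vpn-filter|split-tunnel-network-list) value (\S+)", line)):
            cfg["group_policies"][section][m[1]] = m[2]
            cfg["refs"][m[2]].append(f"{m[1]} in group-policy {section}")
        elif section and (m := re.match(r"default-group-policy (\S+)", line)):
            cfg["tunnel_groups"][section]["group-policy"] = m[1]
        elif not raw.startswith(" "):
            section = None  # any other top-level command ends the attribute block
    return cfg

def unreferenced_acls(cfg):
    """ACLs that exist but are bound to no interface, NAT rule, crypto map or group-policy."""
    return sorted(name for name in cfg["acls"] if name not in cfg["refs"])

def effective_vpn_filter(cfg, tunnel_group):
    """ACL filtering a tunnel-group's sessions: its group-policy's own vpn-filter, else the
    value inherited from DfltGrpPolicy (ASA fills unset attributes from it), else None."""
    policy = cfg["tunnel_groups"].get(tunnel_group, {}).get("group-policy", "DfltGrpPolicy")
    for name in (policy, "DfltGrpPolicy"):
        if acl := cfg["group_policies"].get(name, {}).get("vpn-filter"):
            return acl
    return None

def _operand(tokens, i, names):
    """One ACE address operand at tokens[i]: returns (network or None, index after it)."""
    kw = tokens[i]
    if kw == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if kw in ("object-group", "interface"):
        return None, i + 2  # not resolvable from the ACL text alone
    if kw == "host":
        return ipaddress.ip_network(names.get(tokens[i + 1], tokens[i + 1]) + "/32"), i + 2
    return ipaddress.ip_network(f"{names.get(kw, kw)}/{tokens[i + 1]}", strict=False), i + 2

def misdirected_aces(cfg, acl, local_nets):
    """Extended ACEs whose source is not within a local network ('any' counts as non-local).
    A crypto-map ACL is written from the local side, so a hit means the pair is reversed."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    hits = []
    for ace in cfg["acls"].get(acl, []):
        t = ace.split()  # e.g. ['extended', 'permit', 'ip', 'host', 'GSX-INTERNAL', 'host', 'ERP']
        if t[0] != "extended":
            continue  # standard ACLs and remarks carry no source/destination pair
        src, _ = _operand(t, 3, cfg["names"])
        if src is not None and not any(src.subnet_of(n) for n in nets):
            hits.append(ace)
    return hits

if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    print("unreferenced ACLs:", unreferenced_acls(cfg))
    print("vpn-filter for peer 204.90.187.158:", effective_vpn_filter(cfg, "204.90.187.158"))
    local = ["10.102.1.0/24", "67.78.158.184/29"]  # inside LAN plus the ASA's outside /29
    for name in ("outside_1_cryptomap", "101"):
        print(f"{name}: {len(misdirected_aces(cfg, name, local))} ACE(s) with a non-local source")
```

Run it directly and it prints the report for the sample; point parse_config at a saved show running-config to audit a real box. The outside /29 is passed as a local network because the crypto ACL in the thread uses the static-NAT address 67.78.158.187 as a source, which is legitimately local even though it is not on the inside subnet; with that, outside_1_cryptomap comes back clean while every entry of 101 is flagged, which is the shape mismatch described above.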
04-16-2020 07:39 AM
I tried to ping it from inside the ASDM. The connection does not show up in the Monitoring > VPN Statistics > Sessions window like it did before. Is there a way to try to restart the tunnel?
04-16-2020 08:05 AM
Just to check, are you able to ping something on the Internet by IP address using ASDM?
The best way to restart the tunnel is to have one of the two hosts in your network that are specified for the vpn to access one of the two destination hosts that are specified for the vpn. It might be helpful if you run debug crypto isakmp, attempt the access, and post any debug output. This should give us some insight into what is not working.
04-16-2020 08:30 AM
What is the command to display the debug info?
04-16-2020 08:34 AM
In CLI use show logging. There is also an option in ASDM to view log messages.
04-16-2020 08:58 AM
XtremeV3# show crypto debug
Crypto conditional debug is turned OFF
IKE debug context unmatched flag: OFF
IPSec debug context unmatched flag: OFF
IKE debug context error flag: OFF
IPSec debug context error flag: OFF
I imagine these will need to be turned on? How do I change the flags?