Hi Abhishek, Thanks for your reply. I removed PAT and set the address pool in 192.168.42.0/24, then the VPN was working. Now I have a question: my client can't access the Internet when the VPN is established. I want to access the Internet through the VPN. How do I configure it? If I want to access the Internet not through the VPN, how do I configure it? Could you give me some direction and some documents? By the way, packet-tracer appears in ASA 7.2 or above. Mine is 7.0.
Hi friends, I am a new player in ASA. My company is small. We need remote clients to access a server in the LAN via VPN. I have an ASA5510 with version 7.0. I have configured remote access VPN and it can establish the tunnel successfully. But I can't access the server. The VPN client is version 5.0.07.0290. Encrypted packets keep increasing but Decrypted packets is 0 in the statistics of the VPN client after I connect successfully. On the ASA side, in show crypto ipsec sa, only the decrypted packets increase. Who can help me? Thanks a lot. The configuration is as follows:

ASA Version 7.0(7)
!
hostname VPNhost
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 10
 ip address 18.104.22.168 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.42.199 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
ftp mode passive
dns domain-lookup inside
access-list PAT_acl extended permit ip 192.168.42.0 255.255.255.0 any
access-list allow_PING extended permit icmp any any inactive
access-list Internet extended permit ip host 22.214.171.124 any inactive
access-list VPN extended permit ip 192.168.42.0 255.255.255.0 192.168.43.0 255.255.255.0
access-list VPN extended permit ip 192.168.43.0 255.255.255.0 192.168.42.0 255.255.255.0
access-list CAPTURE extended permit ip host 192.168.43.10 host 192.168.42.251
access-list CAPTURE extended permit ip host 192.168.42.251 host 192.168.43.10
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool testpool 192.168.43.10-192.168.43.20
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list VPN
nat (inside) 1 access-list PAT_acl
route outside 0.0.0.0 0.0.0.0 126.96.36.199 10
username testuser password 123
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 3
no sysopt connection permit-ipsec
crypto ipsec transform-set FirstSet esp-des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal 3600
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 10
console timeout 0
: end

Topology as follows: