Hi,You need to inspect the traffic from VPN clients to internal networks in out-zone to in-zone to allow inbound connections from VPN clients.access-list 199 permit ip 192.168.1.160 0.0.0.15 192.168.1.0 0.0.0.255!class-map type inspect vpn-inboundmat...

Hi,Is it a Windows machine or MAC? And is a dns server configured on physical adapter also? Is split dns being used here?DNS settings are per-interface in Windows. So if split-tunneling is used, DNS should fall back to physical adapter's DNS servers....

Hi,If 1.2.3.4 is fully forwarded to 192.168.1.1 and is static, you just need to use 1.2.3.4 as peer IP address.-Atul

Hi,Can you check if phase 2 SAs are formed by looking at "show crypto ipsec sa"? Traffic cannot go unencrypted if Phase 2 SA s are formed.-Atul

Hi Abhisar,If its taking local authentication, then it must mean that tacacs server is unavailable or the router is unable to make a connection to ACS. Take tacacs debugs to confirm that and check the connectivity between the two. TACACS uses tcp/49....