Anyconnect access to the internet but cannot access anything on the LAN

alex.romaya1
Level 1

Hi All,

I have been stuck on this for a day now and can't seem to be able to get it working. I can access the internet through AnyConnect, and can ping the inside interface of the FW. I cannot SSH or ASDM to the FW on the inside interface or connect to anything on the LAN.

I have pasted the ASA config below. Any help would be greatly appreciated.

All the best,

Alex

ASA Version 9.1(6) 
!
hostname ASA01
domain-name wentworth.europeantour.com
enable password wp1LsgcmYYpRNQoF encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
ip local pool Phone-VPN 10.100.20.1-10.100.20.254 mask 255.255.255.0
!
interface GigabitEthernet0/0
 nameif OUTSIDE
 security-level 0
 ip address 194.75.161.222 255.255.254.0 
!
interface GigabitEthernet0/1
 nameif INSIDE
 security-level 100
 ip address 10.100.19.254 255.255.252.0 
 dhcprelay information trusted
!
interface GigabitEthernet0/1.140
 vlan 140
 nameif ET-LAN
 security-level 100
 ip address 172.16.140.222 255.255.254.0 
!
interface GigabitEthernet0/1.512
 vlan 512
 nameif CISCO-MANAGE
 security-level 100
 ip address 10.100.12.62 255.255.255.192 
 dhcprelay information trusted
!
interface GigabitEthernet0/2
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet0/2.514
 vlan 514
 nameif DMZ
 security-level 90
 ip address 10.100.14.6 255.255.255.248 
 dhcprelay information trusted
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
!
interface GigabitEthernet1/0
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/1
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3
 shutdown
 no nameif
 no security-level
 no ip address
!
boot system disk0:/asa916-k8.bin
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup INSIDE
dns domain-lookup ET-LAN
dns domain-lookup DMZ
dns server-group DefaultDNS
 name-server 172.16.140.5
 name-server 172.16.140.111
 name-server 194.73.82.242
 domain-name wentworth.europeantour.com
same-security-traffic permit intra-interface
object network ET-LAN
 subnet 172.16.140.0 255.255.254.0
object network NETWORK_OBJ_10.100.20.0_24
 subnet 10.100.20.0 255.255.255.0
object network Expressway
 host 10.100.14.1
access-list Local_LAN_Access standard permit host 0.0.0.0 
access-list vc_daks_acl extended permit tcp any host 10.100.14.1 eq https 
access-list vc_daks_acl extended permit tcp any host 10.100.14.1 eq domain 
access-list vc_daks_acl extended permit udp any host 10.100.14.1 eq ntp 
access-list vc_daks_acl extended permit udp any host 10.100.14.1 range 5999 36002 
access-list vc_daks_acl extended permit tcp any host 10.100.14.1 eq 8443 
access-list vc_daks_acl extended permit tcp any host 10.100.16.15 eq https 
access-list vc_daks_acl extended permit tcp any host 10.100.16.15 eq domain 
access-list vc_daks_acl extended permit udp any host 10.100.16.15 eq ntp 
access-list vc_daks_acl extended permit udp any host 10.100.16.15 range 5999 36002 
access-list vc_daks_acl extended permit tcp any host 10.100.16.15 eq 8443 
access-list test extended permit ip any any log 
access-list test extended permit tcp any any eq ssh 
access-list test extended permit tcp any any eq https 
access-list test extended permit tcp any any range 1 65535 
access-list test extended permit udp any any range 1 65535 
pager lines 24
logging enable
logging asdm informational
mtu OUTSIDE 1500
mtu INSIDE 1500
mtu ET-LAN 1500
mtu CISCO-MANAGE 1500
mtu DMZ 1500
mtu management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
arp permit-nonconnected
nat (ET-LAN,OUTSIDE) source dynamic any interface dns
nat (ET-LAN,OUTSIDE) source static any any destination static NETWORK_OBJ_10.100.20.0_24 NETWORK_OBJ_10.100.20.0_24 no-proxy-arp route-lookup
nat (OUTSIDE,OUTSIDE) source static ET-LAN ET-LAN destination static NETWORK_OBJ_10.100.20.0_24 NETWORK_OBJ_10.100.20.0_24
!
object network ET-LAN
 nat (ET-LAN,OUTSIDE) dynamic interface
object network NETWORK_OBJ_10.100.20.0_24
 nat (OUTSIDE,OUTSIDE) dynamic interface
object network Expressway
 nat (DMZ,OUTSIDE) static 194.75.161.223
!
nat (CISCO-MANAGE,OUTSIDE) after-auto source dynamic any interface
nat (DMZ,OUTSIDE) after-auto source dynamic any interface dns
access-group vc_daks_acl in interface OUTSIDE
route OUTSIDE 0.0.0.0 0.0.0.0 194.75.161.129 1 
route ET-LAN 172.16.30.0 255.255.255.0 172.16.140.254 1 
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL 
aaa authentication http console LOCAL 
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.16.140.0 255.255.254.0 ET-LAN
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal AES256
 protocol esp encryption aes-256
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
 protocol esp encryption aes-192
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
 protocol esp encryption aes
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
 protocol esp encryption 3des
 protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
 protocol esp encryption des
 protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map OUTSIDE_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_map interface OUTSIDE
crypto ca trustpoint ASDM_TrustPoint0
 crl configure
crypto ca trustpoint ASDM_TrustPoint1
 enrollment terminal
 subject-name CN=ASA01.EUROPEANTOUR.COM,OU=IT,O=PGA.EUROPEANTOUR,C=UK,St=SURREY,L=VIRGINIA WATER,EA=ITHELPDESK@EUROPEANTOUR.COM
 keypair digicert.key
 crl configure
crypto ca trustpoint ASDM_TrustPoint2
 enrollment terminal
 crl configure
crypto ca trustpool policy
crypto ca certificate chain ASDM_TrustPoint1
 certificate 07085daafdd942c838f9cf61ae26c68d
    30820530 30820418 a0030201 02021007 085daafd d942c838 f9cf61ae 26c68d30 
    0d06092a 864886f7 0d01010b 0500304d 310b3009 06035504 06130255 53311530 
    13060355 040a130c 44696769 43657274 20496e63 31273025 06035504 03131e44 
    69676943 65727420 53484132 20536563 75726520 53657276 65722043 41301e17 
    0d313530 36323430 30303030 305a170d 31383036 32383132 30303030 5a308182 
    310b3009 06035504 06130247 42310f30 0d060355 04081306 53757272 65793117 
    30150603 55040713 0e566972 67696e69 61205761 74657231 1a301806 0355040a 
    13115047 41204575 726f7065 616e2054 6f757231 0b300906 0355040b 13024954 
    3120301e 06035504 0313176a 61626265 722e6575 726f7065 616e746f 75722e63 
    6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282 
    010100c1 fd64d77b d5e03c9e e7b592ff d04f514f 17496e1a 11565147 1b6b50e3 
    fc851a04 a8570079 1fd2c610 b1403234 3c0a87a5 3d5b8b5d 498902da c24238a3 
    694f32cb 8b90a72d 73f9ea5f 4689297c a36aa5a4 601eb841 66cbc087 e2d30c3c 
    b0132ffa eb25b5e4 77f5800a 3ce6c459 29c9851b c9514510 ecb2dd3a 5dd5b61d 
    e25e00e8 aed07231 b1c49d5e c9733dcf 73c682fa b95f091c 46c1742b 3640aca2 
    67bb12db d39aba46 884c4de4 75fa59f3 e5572c25 2ecc562a 4d4469b0 3fe73705 
    92170d28 6607a988 eda1b61f 0e67b2ad 0833aeda c49ea2f2 693b6439 32805413 
    099b1486 16a7e881 a5420fa7 ae5b2a7f 466e89ea a3d2d6da 09b1ea69 66d37c2f 
    53eaa302 03010001 a38201d4 308201d0 301f0603 551d2304 18301680 140f8061 
    1c823161 d52f28e7 8d4638b4 2ce1c6d9 e2301d06 03551d0e 04160414 44eaacdd 
    81b6d8a1 23d07fb0 0b20c3b8 48b138db 30220603 551d1104 1b301982 176a6162 
    6265722e 6575726f 7065616e 746f7572 2e636f6d 300e0603 551d0f01 01ff0404 
    030205a0 301d0603 551d2504 16301406 082b0601 05050703 0106082b 06010505 
    07030230 6b060355 1d1f0464 3062302f a02da02b 86296874 74703a2f 2f63726c 
    332e6469 67696365 72742e63 6f6d2f73 7363612d 73686132 2d67342e 63726c30 
    2fa02da0 2b862968 7474703a 2f2f6372 6c342e64 69676963 6572742e 636f6d2f 
    73736361 2d736861 322d6734 2e63726c 30420603 551d2004 3b303930 37060960 
    86480186 fd6c0101 302a3028 06082b06 01050507 0201161c 68747470 733a2f2f 
    7777772e 64696769 63657274 2e636f6d 2f435053 307c0608 2b060105 05070101 
    0470306e 30240608 2b060105 05073001 86186874 74703a2f 2f6f6373 702e6469 
    67696365 72742e63 6f6d3046 06082b06 01050507 3002863a 68747470 3a2f2f63 
    61636572 74732e64 69676963 6572742e 636f6d2f 44696769 43657274 53484132 
    53656375 72655365 72766572 43412e63 7274300c 0603551d 130101ff 04023000 
    300d0609 2a864886 f70d0101 0b050003 82010100 594d3ad4 ac2211f8 cfe9d46f 
    19d89b08 64f09cbb 5f33844f 524d23de 3f8622c7 656d18bb c3d022b6 59dc273a 
    1024eeb9 983b577d 668b725d 45ce038a e51f3e27 899c269e 173bd1d1 1c035093 
    e1b16902 29fb662e ed6b9383 729513e5 3d15f645 bd0a1e35 46da23a8 42b01d30 
    0e7b0dd2 0c900dbb 100ba782 dc60fb7b f3b8b1e5 5c831e1c ccd15922 5e813e50 
    9e131461 48fd5f67 0724da4b b82c11e9 5710b4c0 8394f1af 6a6054ff 8a1f6840 
    420091f3 bf58d9dc 69dc2c1e c9fe9fae cf971124 11d4e715 992c3c91 59ee4adb 
    ba052b7a 8ffb02d4 ae4f9cf6 46c20993 0c2f2c01 de69f101 bca168cd 61d67920 
    a09b3baf f83c07d0 1fd6a63b 4205b36d e66d6148
  quit
crypto ca certificate chain ASDM_TrustPoint2
 certificate ca 01fda3eb6eca75c888438b724bcfbc91
    30820494 3082037c a0030201 02021001 fda3eb6e ca75c888 438b724b cfbc9130 
    0d06092a 864886f7 0d01010b 05003061 310b3009 06035504 06130255 53311530 
    13060355 040a130c 44696769 43657274 20496e63 31193017 06035504 0b131077 
    77772e64 69676963 6572742e 636f6d31 20301e06 03550403 13174469 67694365 
    72742047 6c6f6261 6c20526f 6f742043 41301e17 0d313330 33303831 32303030 
    305a170d 32333033 30383132 30303030 5a304d31 0b300906 03550406 13025553 
    31153013 06035504 0a130c44 69676943 65727420 496e6331 27302506 03550403 
    131e4469 67694365 72742053 48413220 53656375 72652053 65727665 72204341 
    30820122 300d0609 2a864886 f70d0101 01050003 82010f00 3082010a 02820101 
    00dcae58 904dc1c4 30159035 5b6e3c82 15f52c5c bde3dbff 7143fa64 2580d4ee 
    18a24df0 66d00a73 6e119836 1764af37 9dfdfa41 84afc7af 8cfe1a73 4dcf3397 
    90a29687 53832bb9 a675482d 1d56377b da31321a d7acab06 f4aa5d4b b74746dd 
    2a93c390 2e798080 ef13046a 143bb59b 92bec207 654efcda fcff7aae dc5c7e55 
    310ce839 07a4d7be 2fd30b6a d2b1df5f fe577453 3b3580dd ae8e4498 b39f0ed3 
    dae0d7f4 6b29ab44 a74b5884 6d924b81 c3da738b 12974890 0445751a dd373197 
    92e8cd54 0d3be4c1 3f395e2e b8f35c7e 108e8641 008d4566 47b0a165 cea0aa29 
    094ef397 ebe82eab 0f72a730 0efac7f4 fd1477c3 a45b2857 c2b3f982 fdb74558 
    9b020301 0001a382 015a3082 01563012 0603551d 130101ff 04083006 0101ff02 
    0100300e 0603551d 0f0101ff 04040302 01863034 06082b06 01050507 01010428 
    30263024 06082b06 01050507 30018618 68747470 3a2f2f6f 6373702e 64696769 
    63657274 2e636f6d 307b0603 551d1f04 74307230 37a035a0 33863168 7474703a 
    2f2f6372 6c332e64 69676963 6572742e 636f6d2f 44696769 43657274 476c6f62 
    616c526f 6f744341 2e63726c 3037a035 a0338631 68747470 3a2f2f63 726c342e 
    64696769 63657274 2e636f6d 2f446967 69436572 74476c6f 62616c52 6f6f7443 
    412e6372 6c303d06 03551d20 04363034 30320604 551d2000 302a3028 06082b06 
    01050507 0201161c 68747470 733a2f2f 7777772e 64696769 63657274 2e636f6d 
    2f435053 301d0603 551d0e04 1604140f 80611c82 3161d52f 28e78d46 38b42ce1 
    c6d9e230 1f060355 1d230418 30168014 03de5035 56d14cbb 66f0a3e2 1b1bc397 
    b23dd155 300d0609 2a864886 f70d0101 0b050003 82010100 233edf4b d23142a5 
    b67e425c 1a44cc69 d168b45d 4be00421 6c4be26d ccb1e097 8fa65309 cdaa2a65 
    e5394f1e 83a56e5c 98a22426 e6fba1ed 93c72e02 c64d4abf b042df78 dab3a8f9 
    6dff2185 5336604c 76ceec38 dcd65180 f0c5d6e5 d44d2764 ab9bc73e 71fb4897 
    b8336dc9 1307ee96 a21b1815 f65c4c40 edb3c2ec ff71c1e3 47ffd4b9 00b43742 
    da20c9ea 6e8aee14 06ae7da2 599888a8 1b6f2df4 f2c9145f 26cf2c8d 7eed37c0 
    a9d539b9 82bf190c ea34af00 2168f8ad 73e2c932 da38250b 55d39a1d f06886ed 
    2e4134ef 7ca5501d bf3af9d3 c1080ce6 ed1e8a58 25e4b877 ad2d6ef5 52ddb474 
    8fab492e 9d3b9334 281f78ce 94eac7bd d3c96d1c de5c32f3
  quit
crypto ikev2 policy 1
 encryption aes-256
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 10
 encryption aes-192
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 20
 encryption aes
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 30
 encryption 3des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 policy 40
 encryption des
 integrity sha
 group 5 2
 prf sha
 lifetime seconds 86400
crypto ikev2 enable OUTSIDE client-services port 443
crypto ikev2 remote-access trustpoint ASDM_TrustPoint1
telnet timeout 5
no ssh stricthostkeycheck
ssh 172.16.140.0 255.255.254.0 ET-LAN
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 5
management-access ET-LAN
dhcpd address 192.168.1.2-192.168.1.254 management
!
dhcprelay server 172.16.140.5 ET-LAN
dhcprelay enable INSIDE
dhcprelay enable CISCO-MANAGE
dhcprelay setroute INSIDE
dhcprelay setroute CISCO-MANAGE
dhcprelay timeout 60
dhcprelay information trust-all
!
tls-proxy maximum-session 1000
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.16.30.8 source ET-LAN prefer
ssl trust-point ASDM_TrustPoint1 OUTSIDE
webvpn
 enable OUTSIDE
 anyconnect image disk0:/anyconnect-win-4.1.02011-k9.pkg 1
 anyconnect profiles Phone-VPN_client_profile disk0:/Phone-VPN_client_profile.xml
 anyconnect enable
 tunnel-group-list enable
group-policy GroupPolicy_Phone-VPN internal
group-policy GroupPolicy_Phone-VPN attributes
 wins-server none
 dns-server value 172.16.140.5 172.16.140.111
 vpn-tunnel-protocol ikev2 ssl-client 
 split-tunnel-policy excludespecified
 split-tunnel-network-list value Local_LAN_Access
 default-domain value wentworth.europeantour.com
 webvpn
  anyconnect profiles value Phone-VPN_client_profile type user
username test password /FzQ9W6s1KjC0YQ7 encrypted
username admin password CSepvyL8uFG0uCDv encrypted privilege 15
username softcat password w7qEVaYECf893OqK encrypted
tunnel-group Phone-VPN type remote-access
tunnel-group Phone-VPN general-attributes
 address-pool Phone-VPN
 default-group-policy GroupPolicy_Phone-VPN
tunnel-group Phone-VPN webvpn-attributes
 group-alias Phone-VPN enable
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect ip-options 
  inspect netbios 
  inspect rsh 
  inspect rtsp 
  inspect skinny  
  inspect esmtp 
  inspect sqlnet 
  inspect sunrpc 
  inspect tftp 
  inspect sip  
  inspect xdmcp 
!
service-policy global_policy global
prompt hostname context 
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:d95afef60a934e810a5be445b1c3db80
: end

5 Replies

Richard Burts
Hall of Fame

Does the network have a route to the VPN address pool on the ASA?

HTH

Rick

Hi Richard,

Yes, the network does have a route to the VPN pool.

Does the config look OK?

Many thanks

Alex

I notice that you have configured identity NAT for ET-LAN but not for INSIDE:

nat (ET-LAN,OUTSIDE) source static any any destination static NETWORK_OBJ_10.100.20.0_24 NETWORK_OBJ_10.100.20.0_24 no-proxy-arp route-lookup

I wonder if adding one for INSIDE would help.

HTH

Rick

Hi Rick,

I managed to get it working by adding an ACL and route for the 10.100.20.x/24 network to the ET-LAN interface.

Any ideas if I want to add another subnet, say 10.100.16.x?

Thanks

Alex

I am glad that you got it to work. Thanks for posting back to the forum to let us know that you have solved it. Perhaps part of my difficulty was not understanding the relationship of what is connected through interface INSIDE and what is connected through interface ET-LAN. That same thing may impact 10.100.16.x.

HTH

Rick
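Rick's observation (an identity NAT rule towards the pool exists for ET-LAN but not for the other interfaces) and Alex's follow-up about a second subnet can both be read mechanically out of the config paste. The script below is an added example, not code from this thread or from Cisco. It parses the relevant lines of the posted config (copied into `ASA_CONFIG`) and reports, for every named interface except the one the VPN terminates on, the connected subnet and whether traffic to the Phone-VPN pool is caught by a dynamic NAT/PAT rule towards OUTSIDE without an identity twice-NAT exemption. The helper names and the three status labels are this example's own.

```python
"""Identity-NAT coverage check for an AnyConnect pool, run over an ASA config paste.

Added example, not code from this thread. For each named interface other than the
VPN-terminating one it reports whether traffic to the pool would be caught by a
dynamic NAT/PAT rule towards that interface and whether an identity twice-NAT rule
exempts it. The excerpt is copied from the posted config; parsing and labels are ours.
"""
import ipaddress
import re

# Constructed excerpt of the posted config: only the lines the check needs.
ASA_CONFIG = """\
ip local pool Phone-VPN 10.100.20.1-10.100.20.254 mask 255.255.255.0
interface GigabitEthernet0/0
 nameif OUTSIDE
 ip address 194.75.161.222 255.255.254.0
interface GigabitEthernet0/1
 nameif INSIDE
 ip address 10.100.19.254 255.255.252.0
interface GigabitEthernet0/1.140
 nameif ET-LAN
 ip address 172.16.140.222 255.255.254.0
interface GigabitEthernet0/1.512
 nameif CISCO-MANAGE
 ip address 10.100.12.62 255.255.255.192
interface GigabitEthernet0/2.514
 nameif DMZ
 ip address 10.100.14.6 255.255.255.248
object network NETWORK_OBJ_10.100.20.0_24
 subnet 10.100.20.0 255.255.255.0
nat (ET-LAN,OUTSIDE) source dynamic any interface dns
nat (ET-LAN,OUTSIDE) source static any any destination static NETWORK_OBJ_10.100.20.0_24 NETWORK_OBJ_10.100.20.0_24 no-proxy-arp route-lookup
nat (OUTSIDE,OUTSIDE) source static ET-LAN ET-LAN destination static NETWORK_OBJ_10.100.20.0_24 NETWORK_OBJ_10.100.20.0_24
object network ET-LAN
 nat (ET-LAN,OUTSIDE) dynamic interface
nat (CISCO-MANAGE,OUTSIDE) after-auto source dynamic any interface
nat (DMZ,OUTSIDE) after-auto source dynamic any interface dns
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask (\S+)")
NAMEIF_RE = re.compile(r"^ nameif (\S+)")
IP_RE = re.compile(r"^ ip address (\S+) (\S+)")
OBJECT_RE = re.compile(r"^object network (\S+)")
SUBNET_RE = re.compile(r"^ subnet (\S+) (\S+)")
# Twice-NAT static rule; it is an identity rule when real == mapped on both sides.
IDENTITY_RE = re.compile(r"^nat \(([^,]+),([^)]+)\) (?:after-auto )?source static "
                         r"(\S+) (\S+) destination static (\S+) (\S+)")
# Any dynamic rule: twice-NAT ("source dynamic") or object NAT (indented "dynamic").
DYNAMIC_RE = re.compile(r"^\s*nat \(([^,]+),([^)]+)\) (?:after-auto )?(?:source )?dynamic\b")


def _net(address, mask):
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def pool_network(config, pool_name):
    """Return the subnet covering a named 'ip local pool'."""
    for line in config.splitlines():
        m = POOL_RE.match(line)
        if m and m.group(1) == pool_name:
            return _net(m.group(2), m.group(4))
    raise ValueError(f"pool {pool_name} not found")


def interface_networks(config):
    """Map each nameif to its connected subnet, in order of appearance."""
    nets, current = {}, None
    for line in config.splitlines():
        m = NAMEIF_RE.match(line)
        if m:
            current = m.group(1)
            nets[current] = None
        elif current and (m := IP_RE.match(line)):
            nets[current] = _net(m.group(1), m.group(2))
    return nets


def subnet_objects(config):
    """Map 'object network' names to the subnet they define (host objects skipped)."""
    objs, current = {}, None
    for line in config.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            current = m.group(1)
        elif current and (m := SUBNET_RE.match(line)):
            objs[current] = _net(m.group(1), m.group(2))
    return objs


def exemption_status(config, pool_name, vpn_ifc):
    """Per interface: 'exempt', 'pat-without-exemption' or 'no-nat'; vpn_ifc is skipped."""
    pool = pool_network(config, pool_name)
    pool_objs = {n for n, net in subnet_objects(config).items() if net.supernet_of(pool)}
    exempt, dynamic = set(), set()
    for line in config.splitlines():
        m = IDENTITY_RE.match(line)
        if m:
            src_ifc, dst_ifc, s_real, s_mapped, d_real, d_mapped = m.groups()
            if dst_ifc == vpn_ifc and s_real == s_mapped and d_real == d_mapped and d_real in pool_objs:
                exempt.add(src_ifc)
        elif (m := DYNAMIC_RE.match(line)) and m.group(2) == vpn_ifc:
            dynamic.add(m.group(1))
    # Presence only: section-1 twice-NAT rules are order-sensitive; order is not evaluated here.
    status = {}
    for ifc in interface_networks(config):
        if ifc == vpn_ifc:
            continue
        if ifc in exempt:
            status[ifc] = "exempt"
        elif ifc in dynamic:
            status[ifc] = "pat-without-exemption"
        else:
            status[ifc] = "no-nat"
    return status


if __name__ == "__main__":
    nets = interface_networks(ASA_CONFIG)
    for ifc, state in exemption_status(ASA_CONFIG, "Phone-VPN", "OUTSIDE").items():
        print(f"{ifc:13} {str(nets[ifc]):20} {state}")
```

On the posted config this reports ET-LAN as exempt, CISCO-MANAGE and DMZ as covered by an after-auto dynamic PAT with no exemption, and INSIDE as having no NAT rule towards OUTSIDE at all. It also shows that INSIDE's connected subnet is 10.100.16.0/22, so the 10.100.16.x hosts Alex asks about sit behind the interface Rick's reply points at.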