Hello

I apologise in advance for my lack of knowledge on this matter but I have been handed an ASA 5510 running software version 7.2 (2) and been asked to configure a site-site with a client, I managed to get this configured and all is working well. Additionally I created an ipsec-ra tunnel group for users to connect to a particular server 192.168.10.100/24 remotely, although the connection establishes succesfully I cannot ping any IP on the LAN 192.168.10.0/24 that sits behind the ASA and when I ping the inside interface on the ASA it returns the public IP of the outside intreface.

If someone out there could give me a nudge in the right direction it would be hugely appreciated! Below is the running config of the device.

Thanks in advance.

: Saved

:

ASA Version 7.2(2)

!

hostname ciscoasa5510

domain-name domain.local

enable password .123456789/ encrypted

names

!

interface Ethernet0/0

nameif outside

security-level 0

pppoe client vpdn group ISP

ip address 12.34.56.789 255.255.255.255 pppoe setroute

!

interface Ethernet0/1

nameif inside

security-level 100

ip address 192.168.10.1 255.255.255.0

!

interface Ethernet0/2

shutdown

no nameif

no security-level

no ip address

!

interface Ethernet0/3

shutdown

no nameif

no security-level

no ip address

!

interface Management0/0

nameif management

security-level 100

ip address 192.168.1.1 255.255.255.0

management-only

!

passwd 123456789 encrypted

ftp mode passive

clock timezone GMT/BST 0

clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00

dns server-group DefaultDNS

domain-name domain.local

access-list outside_20_cryptomap extended permit ip 192.168.10.0 255.255.255.0 host 10.16.2.124

access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 host 10.16.2.124

access-list Split_Tunnel_List remark The corporate network behind the ASA

access-list Split_Tunnel_List standard permit 192.168.10.0 255.255.255.0

pager lines 24

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

ip local pool domain_vpn_pool 192.168.11.1-192.168.11.254 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

route outside 0.0.0.0 0.0.0.0 12.34.56.789 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

group-policy domain_vpn internal

group-policy domain_vpn attributes

dns-server value 212.23.3.100 212.23.6.100

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value Split_Tunnel_List

username domain_ra_vpn password 123456789 encrypted

username domain_ra_vpn attributes

vpn-group-policy domain_vpn

username user password .123456789 encrypted

username user password .123456789 encrypted

username user password .123456789 encrypted privilege 15

username user password .123456789 encrypted

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

http server enable

http 192.168.1.0 255.255.255.0 management

http 192.168.10.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set pfs

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map 20 match address outside_20_cryptomap

crypto map outside_map 20 set peer 987.65.43.21

crypto map outside_map 20 set transform-set ESP-3DES-SHA

crypto map outside_map 20 set security-association lifetime seconds 3600

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption aes-256

hash sha

group 5

lifetime 86400

crypto isakmp policy 30

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group 987.65.43.21 type ipsec-l2l

tunnel-group 987.65.43.21 ipsec-attributes

pre-shared-key *

tunnel-group domain_vpn type ipsec-ra

tunnel-group domain_vpn general-attributes

address-pool domain_vpn_pool

default-group-policy domain_vpn

tunnel-group domain_vpn ipsec-attributes

pre-shared-key *

telnet 192.168.10.0 255.255.255.0 inside

telnet timeout 5

console timeout 0

vpdn group ISP request dialout pppoe

vpdn group ISP localname ISP@ISP

vpdn group ISP ppp authentication chap

vpdn username ISP@ISP password *********

dhcpd dns 212.23.3.100 212.23.6.100

dhcpd lease 691200

dhcpd ping_timeout 500

dhcpd domain domain.local

!

dhcpd address 192.168.10.10-192.168.10.200 inside

dhcpd enable inside

!

dhcpd address 192.168.1.2-192.168.1.254 management

dhcpd enable management

!

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

  inspect netbios

  inspect tftp

!

service-policy global_policy global

prompt hostname context

Cryptochecksum:1234567890987654321

: end