12-26-2016 06:00 PM
Hi, I have a problem.
Error message: Connection attempt has timed out, Please verify Internet connectivity.
There are two networks: 125.35.20.188 is the ASA VPN address, and 218.247.232.65 255.255.255.224 is the guest network. The guest needs to connect to the VPN (125.35.20.188).
I can ping 125.35.20.188 successfully while the timeout is being reported. What is the reason? What should I do?
12-27-2016 03:19 AM
Can you elaborate on your issue?
12-27-2016 06:36 PM
Reproduction of the scenario:
For example, I am outside and want to connect to the intranet via Cisco AnyConnect Secure Mobility Client (VPN address 125.35.20.188).
My IP address is 218.247.232.78 (mask 255.255.255.224, gateway 218.247.232.65). Both network IPs are public addresses.
When I connect to the VPN, an error is reported. However, I can ping 125.35.20.188 successfully.
Error message: Connection attempt has timed out, Please verify Internet connectivity
What is the reason?
Configuration:
ASA Version 9.1(2)
!
hostname ciscoasa
enable password OpMCXXbV0P4MWNTM encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool vpnpool 172.16.10.1-172.16.10.250 mask 255.255.255.0
!
interface GigabitEthernet0/0
no nameif
security-level 0
no ip address
!
interface GigabitEthernet0/1
nameif DMZ
security-level 50
ip address 192.168.3.254 255.255.255.0
!
interface GigabitEthernet0/2
nameif outside
security-level 0
ip address 125.35.20.188 255.255.255.192
!
interface GigabitEthernet0/3
nameif dmz10
security-level 50
no ip address
!
interface GigabitEthernet0/4
nameif outside218
security-level 0
no ip address
!
interface GigabitEthernet0/5
nameif inside
security-level 100
ip address 20.20.20.1 255.255.255.0
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
clock timezone china 8
object network natin
subnet 0.0.0.0 0.0.0.0
object network vpn_remote_SH
subnet 192.168.0.0 255.255.255.0
object network 192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network 192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network 192.168.0.0
subnet 192.168.0.0 255.255.0.0
object network website-out
host 125.35.20.131
object network website-dmz
host 192.168.3.33
object network internet-out
host 125.35.20.138
object network internet-dmz
host 192.168.3.250
object network business-out
host 125.35.20.157
object network business-dmz
host 192.168.3.157
object-group network vpnin
network-object 192.168.3.0 255.255.255.0
object-group network vpnout
network-object 172.16.10.0 255.255.255.0
access-list vpnspilt extended permit ip 192.168.3.0 255.255.255.0 any
access-list 100 extended permit ip 192.168.3.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list website-any extended permit ip any host 192.168.3.33
access-list website-any extended permit ip any host 192.168.3.157
pager lines 24
logging enable
logging timestamp
logging trap notifications
logging host DMZ 192.168.3.45
mtu DMZ 1500
mtu outside 1500
mtu dmz10 1500
mtu outside218 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any DMZ
icmp permit any inside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DMZ,outside) source static vpnin vpnin destination static vpnout vpnout no-proxy-arp route-lookup
nat (inside,DMZ) source static 192.168.0.0 192.168.0.0 destination static 192.168.3.0 192.168.3.0
!
object network natin
nat (inside,outside) dynamic interface
object network website-dmz
nat (DMZ,outside) static website-out
object network internet-dmz
nat (DMZ,outside) static internet-out
object network business-dmz
nat (DMZ,outside) static business-out
access-group website-any in interface outside
route outside 0.0.0.0 0.0.0.0 125.35.20.129 1
route inside 192.168.0.0 255.255.255.0 20.20.20.254 1
route inside 192.168.1.0 255.255.255.0 20.20.20.254 1
route inside 192.168.4.0 255.255.255.0 20.20.20.254 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map mail
map-name member IETF-Radius-Class
map-value member cn=group,ou=mail,dc=zhimingsoft,dc=cn vpnpolicy
dynamic-access-policy-record DfltAccessPolicy
aaa-server mail protocol ldap
aaa-server mail (DMZ) host 192.168.3.10
server-port 389
ldap-base-dn ou=mail,dc=zhimingsoft,dc=cn
ldap-scope subtree
ldap-login-password *****
ldap-login-dn cn=wwq,ou=mail,dc=zhimingsoft,dc=cn
server-type microsoft
ldap-attribute-map mail
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set caiwu-cd esp-3des esp-md5-hmac
crypto ipsec security-association pmtu-aging infinite
crypto map cdmap 10 set pfs
crypto map cdmap 10 set peer 118.114.241.185
crypto map cdmap 10 set ikev1 transform-set caiwu-cd
crypto ca trustpoint vpnpoint
enrollment self
fqdn www.cisco.com
subject-name CN=www.cisco.com
keypair vpnkey
crl configure
crypto ca trustpool policy
crypto ca certificate chain vpnpoint
certificate 18520056
308201e3 3082014c a0030201 02020418 52005630 0d06092a 864886f7 0d010105
05003036 31163014 06035504 03130d77 77772e63 6973636f 2e636f6d 311c301a
06092a86 4886f70d 01090216 0d777777 2e636973 636f2e63 6f6d301e 170d3135
30393231 31393332 33385a17 0d323530 39313831 39333233 385a3036 31163014
06035504 03130d77 77772e63 6973636f 2e636f6d 311c301a 06092a86 4886f70d
01090216 0d777777 2e636973 636f2e63 6f6d3081 9f300d06 092a8648 86f70d01
01010500 03818d00 30818902 818100ad f5be9b5f a6b4d2b8 163264e6 7e2f6f6f
747df65e fa1efe4b 844c542a 74fd9112 1870a210 13ee8874 f40a224d 185a7e24
737d713e 39d5c83a b983b84c 9c0107b3 a045711e a238f842 e2d38f44 c3966d0f
6868ced6 7bce694b a2a80e50 e5baa3e4 5bbb284d 873de777 9825a2ac 012a1e99
801e50b1 19662095 7db9883f e489a502 03010001 300d0609 2a864886 f70d0101
05050003 818100a6 0b1e144a 3b66764f 8064ce6e 0d869e99 dd566f9e 6967513c
c3cec6fc d32d4bce 34d612f1 8105e02a 4c91561c 3f78079b eedfdf1f 075bdfbc
e02b2007 d8c8a789 5071209e f5027ee5 bd46adff 9cf58469 ce5c1487 a18aa456
cd387df5 a7dc799b 7c47703b 4317b28d a0cfca55 ab88fa32 11bcf7fe b01342d8
bb9a5b98 f9e329
quit
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
telnet 192.168.3.0 255.255.255.0 DMZ
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 1440
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 15 burst-rate 15
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-4.1.00028-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy vpnpolicy internal
group-policy vpnpolicy attributes
dns-server value 202.106.196.115 61.139.2.69
vpn-idle-timeout 14400
vpn-session-timeout 28800
vpn-tunnel-protocol ikev1 ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpnspilt
address-pools value vpnpool
username test password P4ttSyrm33SV8TYp encrypted
username test attributes
service-type remote-access
username admin password nvklUAVLFTZMLNve encrypted
tunnel-group vpntunnel type remote-access
tunnel-group vpntunnel general-attributes
authentication-server-group mail
default-group-policy vpnpolicy
tunnel-group vpntunnel webvpn-attributes
group-alias zhimingsoft enable
tunnel-group 118.114.241.185 type ipsec-l2l
tunnel-group 118.114.241.185 ipsec-attributes
ikev1 pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 2
subscribe-to-alert-group configuration periodic monthly 2
subscribe-to-alert-group telemetry periodic daily
12-27-2016 09:08 PM
Hi,
Looking at your configuration, it is okay.
I would suggest you check a few steps.
01. Can you disable the anti-virus/firewall on your PC?
02. Are you able to ping the ASA continuously? If so, what is the latency?
03. Can you try "vpn-tunnel-protocol ikev1 ssl-clientless", then try from your PC in a browser with https://?
Thanks,
Mani
12-28-2016 12:44 AM
Hi,
First of all, thank you for your answer.
01. The computer does not have anti-virus/firewall.
02. The ping has always been successful.
03. Sorry, I don't understand this sentence.
There is a strange phenomenon: sometimes the VPN connection succeeds, sometimes it fails.
I didn't make any changes. Is it a problem with the ISP?
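Added example (not from either poster in this thread): ping only proves ICMP reaches the ASA, while AnyConnect needs TCP 443 (and UDP 443 for DTLS) on the outside interface. The script below runs the TCP handshake check behind Mani's step 02 and repeats it so an intermittent path problem like the one described above shows up as a mix of "open" and "timeout" results rather than a single snapshot. The host and port are command-line arguments; the built-in self-check uses a constructed local listener so it runs without any network. Function names and the defaults are assumptions made for this example.

```python
import socket
import sys
import time
from collections import Counter

# Example code added for this thread; not from any poster or from Cisco.
# Ping succeeding while check_tcp() reports 'timeout' on port 443 means the
# path to the ASA drops or filters the VPN port, which is exactly what
# AnyConnect reports as "Connection attempt has timed out".


def check_tcp(host: str, port: int, timeout: float = 5.0) -> dict:
    """Attempt one TCP handshake to host:port and classify the outcome.

    status is one of 'open', 'timeout', 'refused' or 'error';
    elapsed is the wall-clock time of the attempt in seconds.
    """
    start = time.monotonic()
    detail = ""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status = "open"
    except socket.timeout:            # SYN sent, nothing came back
        status = "timeout"
    except ConnectionRefusedError:    # host reachable, port closed (RST)
        status = "refused"
    except OSError as exc:            # DNS failure, no route, etc.
        status = "error"
        detail = str(exc)
    return {"status": status, "elapsed": time.monotonic() - start, "detail": detail}


def probe_sequence(host: str, port: int, attempts: int = 5,
                   timeout: float = 5.0, interval: float = 1.0) -> list:
    """Repeat check_tcp() to catch intermittent failures (assumed defaults)."""
    results = []
    for i in range(attempts):
        results.append(check_tcp(host, port, timeout))
        if i < attempts - 1:
            time.sleep(interval)
    return results


def summarize(results: list) -> dict:
    """Count how many attempts ended in each status."""
    return dict(Counter(r["status"] for r in results))


def demo() -> dict:
    """Self-check against a constructed local listener (no network needed)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))       # OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_open = check_tcp("127.0.0.1", port, timeout=2.0)
    listener.close()
    after_close = check_tcp("127.0.0.1", port, timeout=2.0)
    return {"open": while_open["status"], "closed": after_close["status"]}


if __name__ == "__main__":
    # Usage: python vpn_port_check.py <vpn-host> [port] [attempts]
    if len(sys.argv) < 2:
        print("self-check:", demo())
        sys.exit(0)
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    tries = int(sys.argv[3]) if len(sys.argv) > 3 else 5
    outcome = probe_sequence(target, target_port, attempts=tries)
    for n, r in enumerate(outcome, 1):
        print(f"attempt {n}: {r['status']:8s} {r['elapsed']:.2f}s {r['detail']}")
    print("summary:", summarize(outcome))
```

Run it from the guest network against the ASA's outside address on port 443 a few times over the day; if the summary mixes "open" and "timeout" while ping never fails, the ISP path (or something in between) is selectively dropping TCP 443, not the ASA configuration. A "refused" result instead means the ASA answered but nothing is listening on that port, which points at the webvpn "enable outside" side rather than the network path.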
01-27-2017 09:49 AM
If you are timing out when trying to connect, check that: