Help with AnyConnect on ASA 5505 version 8.4

John Huthmaker
Level 4

I want to start by saying I'm a Voice engineer, so I have little ASA experience. To make matters worse, I understand that IOS 8.4 is very difficult to configure. I spent all day today trying to configure this ASA 5505 and am stuck at the point that my LAN traffic can happily connect to the WAN (although I can't ping the WAN). I can connect to SSL VPN from the internet, but after that I cannot connect to anything LAN or WAN. Here is the basic info.

Inside 10.50.0.1/24

Outside DHCP

VPN range 192.168.60.0/24

If the 5505 can't have a separate subnet for VPN, then I'm happy to put the VPN traffic right on the LAN. My goal is to be able to VPN in to my ASA from the internet, and have full access to the network, and hopefully the internet. It would also be nice to fix the issue so I can ping the internet from my LAN.

Assuming that my ASA is only configured with the above settings and everything else is factory, can anybody offer up the commands to make this work? I don't have access to the firewall at the moment to copy my running config, but I can get that if needed.

Thanks,

John   

17 Replies

Jennifer Halim
Cisco Employee

You would need to configure NAT exemption, so based on your above information, here it is:

object network obj-10.50.0.0
   subnet 10.50.0.0 255.255.255.0
object network obj-192.168.60.0
   subnet 192.168.60.0 255.255.255.0
nat (inside,outside) source static obj-10.50.0.0 obj-10.50.0.0 destination static obj-192.168.60.0 obj-192.168.60.0

Then, I'm not sure if you have configured split tunnel or not; if you haven't, then you would need to configure it:

access-list split-acl standard permit 10.50.0.0 255.255.255.0

Then configure the following under the group-policy for your SSL VPN:

split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl

If it still doesn't work after the above, please share your configuration.

BTW, you are doing excellent coming from a voice engineer background.

I can connect now and access the internet, but no LAN access. Here is the current config. Thanks for all of your help.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.14 22:50:07 =~=~=~=~=~=~=~=~=~=~=~=
show run
: Saved
:
ASA Version 8.4(4)1
!
hostname Bryan-ASA
enable password Z77JKH8dh1FhRD4u encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.50.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.50.0.0_24
subnet 10.50.0.0 255.255.255.0
object network obj-192.168.60.0
subnet 192.168.60.0 255.255.255.0
object network obj-10.0.0.0-01
subnet 10.0.0.0 255.0.0.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network obj-10.50.0.0
subnet 10.50.0.0 255.255.255.0
object-group network RFC1918
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
object-group network NET-VPNPOOL
network-object 192.168.60.0 255.255.255.0
access-list inside extended permit icmp any any
access-list inside extended permit ip any 192.168.60.0 255.255.255.0
access-list inside extended permit ip any any
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 192.168.60.0 255.255.255.0
access-list ips extended permit ip any any
access-list traffic_for_ips extended permit ip any any
access-list redistribute standard permit 192.168.60.0 255.255.255.0
access-list split-acl standard permit 10.50.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-POOL 192.168.50.50-192.168.50.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.50.0.0_24 NETWORK_OBJ_10.50.0.0_24 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.60.0 obj-192.168.60.0 no-proxy-arp route-lookup
nat (inside,outside) source dynamic RFC1918 interface
nat (outside,inside) source static NET-VPNPOOL NET-VPNPOOL
nat (outside,outside) source dynamic NET-VPNPOOL interface
nat (inside,outside) source static obj-10.50.0.0 obj-10.50.0.0 destination static obj-192.168.60.0 obj-192.168.60.0
!
object network obj_any
nat (inside,outside) dynamic interface
object network obj-192.168.60.0
nat (outside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.50.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set CIMCO_MAN_TRANS esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set CIMCO_MAN_TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=Bryan-ASA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate ec497b50
    308202d8 308201c0 a0030201 020204ec 497b5030 0d06092a 864886f7 0d010105
    0500302e 31123010 06035504 03130942 7279616e 2d415341 31183016 06092a86
    4886f70d 01090216 09427279 616e2d41 5341301e 170d3132 31303135 30303230
    31335a17 0d323231 30313330 30323031 335a302e 31123010 06035504 03130942
    7279616e 2d415341 31183016 06092a86 4886f70d 01090216 09427279 616e2d41
    53413082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
    010100d1 f0c09931 da436b29 888ca75a c4bb2f1c 903c3582 6383fd86 cee48c93
    ab276aa0 46f13513 8d7a4f9a 9c897b78 4b8c7076 836671a1 3ccb1f88 7948b0d7
    2ed8a440 280f0014 8319ec24 774fd456 58c4e686 01b9f0a1 d8bd48bb cb10e739
    93dc4414 2640cfb6 69887850 17be7195 debb87ab 020a9ca3 54ddcfc0 ab320ba9
    54d7a7a5 91334d90 a9f73578 384435f9 1592f5c6 772e19d8 1b43af48 309c012d
    4b352f83 b40a190c 9fe9b9cf 5cd37f80 694319f8 b9d7e973 920a5ed0 19a83bee
    dcbf144e 6fbddfd1 dea76635 6c331a32 1edfd520 4446dffc 8ecbc09c c98b9931
    822b1986 59546826 5b6ae233 9fec5a88 fda621fc 0d5be259 1195547f c1a15d29
    950a9502 03010001 300d0609 2a864886 f70d0101 05050003 82010100 3ce482bf
    b5ab884d d95c4652 1b3a9ee8 127d5207 df3abf01 0b598523 4fe0c66a abf82a3c
    77d7f6a3 74290df6 9a189bff 8b1a7a94 08af8bf9 ca7e0a38 14bae311 ac159fdd
    bf1c9c11 450a4359 1a74d5fd dfda7205 7023c4c2 d32f94d5 11b4c8bc 1a8713ab
    fdf8000f 8bed2004 db0638bf b316d134 0887fbe4 347a1331 ca92220f f07b7b65
    7e079f12 4a083691 52968463 70549d72 f7df9e54 7977ba7c a22ddda6 c3266b1b
    b26ab6aa 671f01ac a62f959b a0416141 220e5984 b8196555 d4439083 493b86d5
    8f39b77b 9743c615 afd8f0dc b4e52838 a6a45c28 1292b7e7 9c25a636 abe18e5f
    c04183d6 963f0e06 eb7659aa fa261f3d c54fa6c0 4ac8c851 3930eb91
  quit
crypto ikev1 enable outside
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 10.50.0.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
dhcpd address 10.50.0.10-10.50.0.40 inside
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
anyconnect profiles AnyConnect disk0:/anyconnect.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
webvpn
  anyconnect profiles value AnyConnect type user
group-policy VPNCLIENT internal
group-policy VPNCLIENT attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
default-domain value randall.local
webvpn
  anyconnect profiles value AnyConnect type user
username bryan password 9yyVnd5p1Ke6w1Iu encrypted privilege 15
username john password nFEF0Xku7smzSs4N encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPN-POOL
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT general-attributes
address-pool VPN-POOL
default-group-policy VPNCLIENT
tunnel-group VPNCLIENT ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end

Bryan-ASA#  exit

Logoff

You've typo'd your VPN pool.

Should have been 192.168.50.0/24 instead of 192.168.60.0/24.

Here is the new NAT statement:

object network obj-192.168.50.0
   subnet 192.168.50.0 255.255.255.0
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.50.0 obj-192.168.50.0

John Huthmaker
Level 4

Hey Jennifer. I was borrowing some config from another ASA, so you're right, there were some typos. I've gone in and cleared out anything pointing to 192.168.60.0. I fixed my pool to go to 192.168.50.0.

I can connect, and can get on the internet, but I still can't access the LAN. Also, my LAN still can't ping the outside (although other traffic is passing through). Here is the current config.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.15 08:25:54 =~=~=~=~=~=~=~=~=~=~=~=

Bryan-ASA# show run
: Saved
:
ASA Version 8.4(4)1
!
hostname Bryan-ASA
enable password Z77JKH8dh1FhRD4u encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.50.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.50.0.0_24
subnet 10.50.0.0 255.255.255.0
object network obj-10.0.0.0-01
subnet 10.0.0.0 255.0.0.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network obj-10.50.0.0
subnet 10.50.0.0 255.255.255.0
object network obj-192.168.50.0
subnet 192.168.50.0 255.255.255.0
object-group network RFC1918
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list nonat extended permit ip 10.0.0.0 255.0.0.0 192.168.60.0 255.255.255.0
access-list ips extended permit ip any any
access-list traffic_for_ips extended permit ip any any
access-list split-acl standard permit 10.50.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-POOL 192.168.50.50-192.168.50.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.50.0.0_24 NETWORK_OBJ_10.50.0.0_24 no-proxy-arp route-lookup
nat (inside,outside) source dynamic RFC1918 interface
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.50.0 obj-192.168.50.0
!
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.50.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set CIMCO_MAN_TRANS esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set CIMCO_MAN_TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=Bryan-ASA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate ec497b50
    308202d8 308201c0 a0030201 020204ec 497b5030 0d06092a 864886f7 0d010105
    0500302e 31123010 06035504 03130942 7279616e 2d415341 31183016 06092a86
    4886f70d 01090216 09427279 616e2d41 5341301e 170d3132 31303135 30303230
    31335a17 0d323231 30313330 30323031 335a302e 31123010 06035504 03130942
    7279616e 2d415341 31183016 06092a86 4886f70d 01090216 09427279 616e2d41
    53413082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
    010100d1 f0c09931 da436b29 888ca75a c4bb2f1c 903c3582 6383fd86 cee48c93
    ab276aa0 46f13513 8d7a4f9a 9c897b78 4b8c7076 836671a1 3ccb1f88 7948b0d7
    2ed8a440 280f0014 8319ec24 774fd456 58c4e686 01b9f0a1 d8bd48bb cb10e739
    93dc4414 2640cfb6 69887850 17be7195 debb87ab 020a9ca3 54ddcfc0 ab320ba9
    54d7a7a5 91334d90 a9f73578 384435f9 1592f5c6 772e19d8 1b43af48 309c012d
    4b352f83 b40a190c 9fe9b9cf 5cd37f80 694319f8 b9d7e973 920a5ed0 19a83bee
    dcbf144e 6fbddfd1 dea76635 6c331a32 1edfd520 4446dffc 8ecbc09c c98b9931
    822b1986 59546826 5b6ae233 9fec5a88 fda621fc 0d5be259 1195547f c1a15d29
    950a9502 03010001 300d0609 2a864886 f70d0101 05050003 82010100 3ce482bf
    b5ab884d d95c4652 1b3a9ee8 127d5207 df3abf01 0b598523 4fe0c66a abf82a3c
    77d7f6a3 74290df6 9a189bff 8b1a7a94 08af8bf9 ca7e0a38 14bae311 ac159fdd
    bf1c9c11 450a4359 1a74d5fd dfda7205 7023c4c2 d32f94d5 11b4c8bc 1a8713ab
    fdf8000f 8bed2004 db0638bf b316d134 0887fbe4 347a1331 ca92220f f07b7b65
    7e079f12 4a083691 52968463 70549d72 f7df9e54 7977ba7c a22ddda6 c3266b1b
    b26ab6aa 671f01ac a62f959b a0416141 220e5984 b8196555 d4439083 493b86d5
    8f39b77b 9743c615 afd8f0dc b4e52838 a6a45c28 1292b7e7 9c25a636 abe18e5f
    c04183d6 963f0e06 eb7659aa fa261f3d c54fa6c0 4ac8c851 3930eb91
  quit
crypto ikev1 enable outside
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 10.50.0.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0

dhcpd auto_config outside
!
dhcpd address 10.50.0.10-10.50.0.40 inside
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
anyconnect profiles AnyConnect disk0:/anyconnect.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
webvpn
  anyconnect profiles value AnyConnect type user
group-policy VPNCLIENT internal
group-policy VPNCLIENT attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
default-domain value randall.local
webvpn
  anyconnect profiles value AnyConnect type user
username bryan password 9yyVnd5p1Ke6w1Iu encrypted privilege 15
username john password nFEF0Xku7smzSs4N encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPN-POOL
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT general-attributes
address-pool VPN-POOL
default-group-policy VPNCLIENT
tunnel-group VPNCLIENT ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:197ada0a26add8d38e2c8f3972538f2a

For ping, just add the following:

policy-map global_policy
  class inspection_default
      inspect icmp

For the VPN to access the LAN, please try to add the following command:

management-access inside

Then see if you can ping 10.50.0.1.

Then advise what you are trying to access on the inside network.

Oh, and what on the outside are you trying to ping from the inside network? Try to see if you can ping 4.2.2.2.

Hey there. Whenever I try to ping to the internet, it's always 4.2.2.2. I added these commands, and I still can't ping anything internally while connected to VPN. I can ping the internet from the VPN. I also added the HTTP command in hopes I could connect to the ASDM from the VPN, but that didn't help either. Here is the latest config.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2012.10.15 20:12:26 =~=~=~=~=~=~=~=~=~=~=~=
Bryan-ASA# show run
: Saved
:
ASA Version 8.4(4)1
!
hostname Bryan-ASA
enable password Z77JKH8dh1FhRD4u encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
ip address 10.50.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.50.0.0_24
subnet 10.50.0.0 255.255.255.0
object network obj-10.0.0.0-01
subnet 10.0.0.0 255.0.0.0
object network obj-10.0.0.0
subnet 10.0.0.0 255.0.0.0
object network obj-10.50.0.0
subnet 10.50.0.0 255.255.255.0
object network obj-192.168.50.0
subnet 192.168.50.0 255.255.255.0
object-group network RFC1918
network-object 192.168.0.0 255.255.0.0
network-object 10.0.0.0 255.0.0.0
access-list inside extended permit icmp any any
access-list inside extended permit ip any any
access-list ips extended permit ip any any
access-list traffic_for_ips extended permit ip any any
access-list split-acl standard permit 10.50.0.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN-POOL 192.168.50.50-192.168.50.100 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649-103.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.50.0.0_24 NETWORK_OBJ_10.50.0.0_24 no-proxy-arp route-lookup
nat (inside,outside) source dynamic RFC1918 interface
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.50.0 obj-192.168.50.0
!
object network obj_any
nat (inside,outside) dynamic interface
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 10.50.0.0 255.255.255.0 inside
http 192.168.50.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set CIMCO_MAN_TRANS esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set CIMCO_MAN_TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map OUTSIDE_MAP interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=Bryan-ASA
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate ec497b50
    308202d8 308201c0 a0030201 020204ec 497b5030 0d06092a 864886f7 0d010105
    0500302e 31123010 06035504 03130942 7279616e 2d415341 31183016 06092a86
    4886f70d 01090216 09427279 616e2d41 5341301e 170d3132 31303135 30303230
    31335a17 0d323231 30313330 30323031 335a302e 31123010 06035504 03130942
    7279616e 2d415341 31183016 06092a86 4886f70d 01090216 09427279 616e2d41
    53413082 0122300d 06092a86 4886f70d 01010105 00038201 0f003082 010a0282
    010100d1 f0c09931 da436b29 888ca75a c4bb2f1c 903c3582 6383fd86 cee48c93
    ab276aa0 46f13513 8d7a4f9a 9c897b78 4b8c7076 836671a1 3ccb1f88 7948b0d7
    2ed8a440 280f0014 8319ec24 774fd456 58c4e686 01b9f0a1 d8bd48bb cb10e739
    93dc4414 2640cfb6 69887850 17be7195 debb87ab 020a9ca3 54ddcfc0 ab320ba9
    54d7a7a5 91334d90 a9f73578 384435f9 1592f5c6 772e19d8 1b43af48 309c012d
    4b352f83 b40a190c 9fe9b9cf 5cd37f80 694319f8 b9d7e973 920a5ed0 19a83bee
    dcbf144e 6fbddfd1 dea76635 6c331a32 1edfd520 4446dffc 8ecbc09c c98b9931
    822b1986 59546826 5b6ae233 9fec5a88 fda621fc 0d5be259 1195547f c1a15d29
    950a9502 03010001 300d0609 2a864886 f70d0101 05050003 82010100 3ce482bf
    b5ab884d d95c4652 1b3a9ee8 127d5207 df3abf01 0b598523 4fe0c66a abf82a3c
    77d7f6a3 74290df6 9a189bff 8b1a7a94 08af8bf9 ca7e0a38 14bae311 ac159fdd
    bf1c9c11 450a4359 1a74d5fd dfda7205 7023c4c2 d32f94d5 11b4c8bc 1a8713ab
    fdf8000f 8bed2004 db0638bf b316d134 0887fbe4 347a1331 ca92220f f07b7b65
    7e079f12 4a083691 52968463 70549d72 f7df9e54 7977ba7c a22ddda6 c3266b1b
    b26ab6aa 671f01ac a62f959b a0416141 220e5984 b8196555 d4439083 493b86d5
    8f39b77b 9743c615 afd8f0dc b4e52838 a6a45c28 1292b7e7 9c25a636 abe18e5f
    c04183d6 963f0e06 eb7659aa fa261f3d c54fa6c0 4ac8c851 3930eb91
  quit
crypto ikev1 enable outside
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 10.50.0.0 255.255.255.0 inside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 30
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 10.50.0.10-10.50.0.40 inside
dhcpd dns 4.2.2.2 interface inside
dhcpd enable inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.6005-k9.pkg 1
anyconnect profiles AnyConnect disk0:/anyconnect.xml
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
webvpn
  anyconnect profiles value AnyConnect type user
group-policy VPNCLIENT internal
group-policy VPNCLIENT attributes
dns-server value 4.2.2.2
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split-acl
default-domain value randall.local
webvpn
  anyconnect profiles value AnyConnect type user
username bryan password 9yyVnd5p1Ke6w1Iu encrypted privilege 15
username john password nFEF0Xku7smzSs4N encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-POOL
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPN-POOL
tunnel-group VPNCLIENT type remote-access
tunnel-group VPNCLIENT general-attributes
address-pool VPN-POOL
default-group-policy VPNCLIENT
tunnel-group VPNCLIENT ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:350537020abb3f5c43ae3d89ed1d1dcb
: end

Bryan-ASA# exit

Logoff

Please remove the following command:

nat (inside,outside) source static any any destination static NETWORK_OBJ_10.50.0.0_24 NETWORK_OBJ_10.50.0.0_24 no-proxy-arp route-lookup

and "clear xlate", and see if you can access internal stuff now.

Alright, I can access stuff on the LAN. The only thing missing now is that I cannot ping the inside interface of the firewall itself from the VPN, and I cannot connect to the ASDM from the VPN.

OK, please change the following:

FROM:

nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.50.0 obj-192.168.50.0

TO:

nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.50.0 obj-192.168.50.0 route-lookup

Then "clear xlate".

Looks like you might be hitting this bug ID (probably not fixed in your version of code):

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtr16184

Amazing, it works. I have one final request. I need to create a NAT statement that will allow all traffic that comes in to the outside interface on port 41790 to forward to a device on the inside at 10.50.0.90. I'm sure that is a quick and easy statement anyone can help me out with.

Thanks,
John

Sure, here we go:

object network obj-10.50.0.90
  host 10.50.0.90
  nat (inside,outside) static interface service tcp 41790 41790

access-list outside-acl permit tcp any object obj-10.50.0.90 eq 41790
access-group outside-acl in interface outside
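The checks below are an added example, not code from this thread or from Cisco. The script parses the ASA 8.4 config lines the thread turned on and verifies that they agree with each other: the VPN address pool must fall inside the destination object of an identity (exemption) twice-NAT rule, which is the 192.168.60.0 vs 192.168.50.x mismatch caught earlier in the thread; a static PAT such as the port-41790 forward above must be paired with an ACL bound inbound on the mapped interface that permits the real, pre-NAT object and port (the 8.3+ convention); and, as a caveat on the posted config, it flags cleartext telnet and SSH reachable from any address on the outside interface. `CONFIG` is a constructed excerpt modelled on the posted "show run" (with object sub-commands indented as the ASA prints them, unlike the pasted dump), and the parser, function names and finding strings are this example's own.

```python
# Added example, not code from the thread: consistency checks over the ASA 8.4
# config lines the thread turned on. CONFIG is a constructed excerpt modelled on
# the posted 'show run' (object sub-commands indented as the ASA prints them).
import ipaddress
import re

CONFIG = """\
object network obj-10.0.0.0
 subnet 10.0.0.0 255.0.0.0
object network obj-192.168.60.0
 subnet 192.168.60.0 255.255.255.0
object network obj-10.50.0.90
 host 10.50.0.90
 nat (inside,outside) static interface service tcp 41790 41790
ip local pool VPN-POOL 192.168.50.50-192.168.50.100 mask 255.255.255.0
nat (inside,outside) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-192.168.60.0 obj-192.168.60.0
access-list outside-acl extended permit tcp any object obj-10.50.0.90 eq 41790
access-group outside-acl in interface outside
telnet 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
"""

POOL_RE = re.compile(r"ip local pool (\S+) (\S+)-(\S+)")
TWICE_NAT_RE = re.compile(r"nat \((\w+),(\w+)\) source static (\S+) (\S+) destination static (\S+) (\S+)")


def parse(text):
    """Collect objects, pools, twice-NAT rules, ACLs, access-groups and mgmt lines."""
    cfg = {"objects": {}, "pools": {}, "twice_nat": [], "acls": {}, "access_groups": {}, "mgmt": []}
    current = None
    for raw in text.splitlines():
        w = raw.split()
        if not w:
            continue
        if raw.startswith("object network "):
            current = cfg["objects"].setdefault(w[2], {"net": None, "pat": []})
        elif raw[0].isspace() and current is not None:  # sub-command of the open object
            if w[0] == "subnet":
                current["net"] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
            elif w[0] == "host":
                current["net"] = ipaddress.ip_network(w[1])
            elif w[0] == "nat" and "static" in w and "service" in w:  # object static PAT
                i = w.index("service")
                current["pat"].append((w[1].strip("()"), w[i + 1], int(w[i + 2]), int(w[i + 3])))
        else:
            current = None
            if m := POOL_RE.match(raw):
                cfg["pools"][m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
            elif m := TWICE_NAT_RE.match(raw):
                cfg["twice_nat"].append(m.groups())
            elif w[0] == "access-list":
                cfg["acls"].setdefault(w[1], []).append(w[2:])
            elif w[0] == "access-group" and "interface" in w:
                cfg["access_groups"][w[w.index("interface") + 1]] = w[1]
            elif w[0] in ("telnet", "ssh") and len(w) == 4 and w[1][0].isdigit():
                cfg["mgmt"].append(tuple(w))
    return cfg


def check_vpn_pool_exemption(cfg):
    """Each VPN pool must lie inside the destination object of an identity twice-NAT
    rule; otherwise LAN replies to VPN clients fall through to the dynamic PAT rule."""
    exempt_nets = [cfg["objects"].get(dr, {}).get("net")
                   for _, _, sr, sm, dr, dm in cfg["twice_nat"] if sr == sm and dr == dm]
    return [f"pool {name} {lo}-{hi} is not covered by any identity NAT destination"
            for name, (lo, hi) in cfg["pools"].items()
            if not any(n is not None and lo in n and hi in n for n in exempt_nets)]


def _entry_permits(w, proto, obj_name, port):
    """True if an ACL entry permits proto to the named object on the given port."""
    return ("permit" in w and proto in w and "object" in w and "eq" in w
            and w[w.index("object") + 1] == obj_name and w[w.index("eq") + 1] == str(port))


def check_port_forward(cfg):
    """A static PAT is reachable only if an ACL bound inbound on the mapped interface
    permits the real (pre-NAT) object and port, as ASA 8.3+ requires."""
    out = []
    for name, obj in cfg["objects"].items():
        for ifaces, proto, real_port, _mapped in obj["pat"]:
            outside = ifaces.split(",")[1]
            entries = cfg["acls"].get(cfg["access_groups"].get(outside), [])
            if not any(_entry_permits(e, proto, name, real_port) for e in entries):
                out.append(f"no inbound ACL on {outside} permits {proto}/{real_port} to {name}")
    return out


def check_management_exposure(cfg):
    """Flag cleartext telnet anywhere and SSH open to any address on outside."""
    out = []
    for proto, addr, _mask, iface in cfg["mgmt"]:
        if proto == "telnet":
            out.append(f"telnet (cleartext) allowed on {iface} from {addr}")
        elif proto == "ssh" and addr == "0.0.0.0" and iface == "outside":
            out.append("ssh allowed from any address on outside")
    return out


def audit(text):
    cfg = parse(text)
    return check_vpn_pool_exemption(cfg) + check_port_forward(cfg) + check_management_exposure(cfg)
```

Run `audit(CONFIG)` against the excerpt as written and it reports the pool mismatch plus the two management-plane findings; substitute 192.168.50.0 for 192.168.60.0, as the thread did, and the pool finding disappears while the port-forward check stays clean. Feed it a dump in which the `access-group` line or the `eq 41790` entry is missing and the port-forward check is what fails, which is the first thing to verify when a static PAT "does not work".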

Everything works.  Thank you so much.  Your help has been invaluable.

It turns out the one command given to do a port forward did not work. Does anyone know the correct command to send all traffic intended for a particular port received on the WAN interface of an ASA to forward to an internal server?