01-23-2013 09:43 AM
Hello all,
I have the following config below on my ASA5505, where I want to be able to access remote computers who are VPN'd into the inside network, for support purposes.
I want to be able to ping the VPN ip from the LAN, and be able to connect to these computers via the VPN ip.
Any insight will be much appreciated, Many thanks!
ciscousa# sho run
: Saved
:
ASA Version 8.2(2)
!
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.2 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address 18.7.1.5 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/3
speed 100
duplex full
!
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network luxsci
access-list outside_in extended permit icmp any any
access-list split_tunnel standard permit 192.168.1.0 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list outside_access_in extended permit ip any any
access-list nonat extended permit ip any 10.10.10.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool ipsec-vpn 10.10.10.1-10.10.10.20 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 18.7.1.5 1
dynamic-access-policy-record DfltAccessPolicy
http server enable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map internet-1_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map internet-1_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map internet-1_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map internet-1_map 65535 ipsec-isakmp dynamic internet-1_dyn_map
crypto map internet-1_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp identity address
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
authentication …..
encryption ……
hash …..
group 1 ……
lifetime 86400
crypto isakmp nat-traversal 20
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption rc4-sha1
webvpn
group-policy ipsec internal
group-policy ipsec attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunnel
default-domain value company.com
tunnel-group ipsec type remote-access
tunnel-group ipsec general-attributes
address-pool ipsec-vpn
default-group-policy ipsec
tunnel-group ipsec ipsec-attributes
pre-shared-key *****
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global-policy
class inspection_default
inspect icmp
class class-default
!
01-23-2013 10:24 PM
Hi,
Do the clients have their firewalls enabled? Try disabling the firewall and see if you can connect to them.
Thanks,
Tarik Admani
*Please rate helpful posts*
01-23-2013 11:58 AM
Any help out there? Please?
01-23-2013 08:13 PM
Hello,
Can you share the logs of the ASA while you try to ping a VPN user?
Also do the following:
capture capin interface inside match ip host inside_pc host vpn_client_pc
capture asp type asp-drop all circular-buffer
Then try to ping from that inside_pc IP to the vpn_client_pc IP, show the packets, and share the output of:
show cap capin
show cap asp | include vpn_client_pc
Regards
01-23-2013 09:13 PM
According to the config provided, everything should work fine. Are you able to connect to the LAN from the ravpn clients?
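Added example, not part of the thread: a small Python check over the posted config for the two conditions this reply takes for granted before blaming the client side: that the VPN pool is exempt from NAT via nat 0, and that the ACL applied inbound on inside permits traffic to the pool. The embedded excerpt is constructed from the config above; ACL names and pool values come from it, nothing else is assumed.

```python
import ipaddress
import re

# Constructed excerpt of the ASA 8.2 config posted above (only the lines the check reads).
ASA_CONFIG = """\
access-list inside_access_in extended permit ip any any
access-list nonat extended permit ip any 10.10.10.0 255.255.255.0
ip local pool ipsec-vpn 10.10.10.1-10.10.10.20 mask 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
"""

def _take_addr(tokens, i):
    """Consume one ACL address operand (any | host A | A MASK) at tokens[i]."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{tokens[i]}/{tokens[i + 1]}", strict=False), i + 2

def vpn_pool(config):
    """The 'ip local pool' range as a network (first address plus pool mask), or None."""
    m = re.search(r"^ip local pool \S+ (\S+)-\S+ mask (\S+)", config, re.M)
    return ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False) if m else None

def permit_ip_destinations(config, acl):
    """Destination networks of every 'permit ip' entry in the named extended ACL."""
    dests = []
    for line in config.splitlines():
        t = line.split()
        if t[:5] == ["access-list", acl, "extended", "permit", "ip"]:
            _, i = _take_addr(t, 5)          # skip the source operand
            dests.append(_take_addr(t, i)[0])
    return dests

def _referenced_acl(config, pattern):
    m = re.search(pattern, config, re.M)
    return m[1] if m else None

def check_lan_to_vpn(config):
    """Conditions an inside host needs to reach a VPN client's pool address."""
    pool = vpn_pool(config)
    nonat = _referenced_acl(config, r"^nat \(inside\) 0 access-list (\S+)")
    inside_acl = _referenced_acl(config, r"^access-group (\S+) in interface inside")

    def covered(acl):   # True when some permit-ip entry's destination contains the pool
        return pool is not None and acl is not None and any(
            pool.subnet_of(d) for d in permit_ip_destinations(config, acl))

    return {"pool_defined": pool is not None,
            "pool_nat_exempt": covered(nonat),
            "inside_acl_permits_pool": covered(inside_acl)}

if __name__ == "__main__":
    for name, ok in check_lan_to_vpn(ASA_CONFIG).items():
        print(f"{name}: {'OK' if ok else 'MISSING'}")
```

With the posted config all three checks pass, which is why the replies move on to captures and the clients' own host firewalls.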