Not able to remote access my asa

charbel.soueid
Level 1

Hi,

I am trying to configure remote access VPN to my network. I have a Cisco ASA 5510 with IOS 7.0(7).

I configured the VPN using ASDM 5.0.9 and below is the configuration received:

access-list 90 extended permit ip 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.248 255.255.255.248
access-list ClientVPN_splitTunnelAcl standard permit 192.xxx.xxx.0 255.255.255.0
ip local pool VPNIpPool 192.xxx.xxx.250-192.xxx.xxx.252 mask 255.255.255.0
nat (inside) 0 access-list 90
group-policy ClientVPN internal
group-policy ClientVPN attributes
 dns-server value 192.xxx.xxx.xxx 192.xxx.xxx.xxx
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ClientVPN_splitTunnelAcl
 webvpn
username user password dkmv9X0FR/3rJ.Jw encrypted privilege 0
username user attributes
 vpn-group-policy ClientVPN
 webvpn
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map ToOutside 65535 ipsec-isakmp dynamic outside_dyn_map
isakmp policy 70 authentication pre-share
isakmp policy 70 encryption 3des
isakmp policy 70 hash md5
isakmp policy 70 group 2
isakmp policy 70 lifetime 86400
tunnel-group ClientVPN type ipsec-ra
tunnel-group ClientVPN general-attributes
 address-pool VPNIpPool
 default-group-policy ClientVPN
tunnel-group ClientVPN ipsec-attributes
 pre-shared-key *

When I try to connect using a VPN client I get an error:

Reason 412: The remote peer is no longer responding

I also have site-to-site VPNs on the same ASA which are working fine and the tunnels are up.

Is there any specific access list I should configure to get this to work?

Attaching my entire ASA config for review.

Thank you for your help on this.

Accepted Solution

Jennifer Halim
Cisco Employee

You are missing the following config:

group-policy ClientVPN attributes
 vpn-tunnel-protocol ipsec

sysopt connection permit-ipsec

4 Replies

Hi Jennifer,

Thank you for your reply.

I have tried what you asked me to do and it didn't work:

1- Adding
sysopt connection permit-ipsec
to my config

2- group-policy ClientVPN attributes
 vpn-tunnel-protocol ipsec

3- Changed the IP pool
ip local pool VPNIpPool 172.16.15.250-172.16.15.252 mask 255.255.255.0

4- Changed the group-policy and tunnel-group as follows:

group-policy ClientVPNPolicy internal
group-policy ClientVPNPolicy attributes
 dns-server value 192.xxx.xxx.30 192.xxx.xxx.33
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ClientVPN_splitTunnelAcl
 webvpn
username usertest password ***** encrypted privilege 0
username usertest attributes
 vpn-group-policy ClientVPNPolicy
 webvpn
tunnel-group ClientVPN type ipsec-ra
tunnel-group ClientVPN general-attributes
 address-pool VPNIpPool
 default-group-policy ClientVPNPolicy
tunnel-group ClientVPN ipsec-attributes
 pre-shared-key ******

Didn't work either.

I am attaching my new config now.

Thanks for your help, I am really desperate.

Regards

ASA Version 7.0(7)
!
hostname MyCompany
domain-name default.domain.invalid
enable password ***** encrypted
names
name 92.xxx.xxx.xxx srv1
dns-guard
!
interface Ethernet0/0
 speed 10
 nameif outside
 security-level 0
 ip address 92.xxx.xxx.2 255.xxx.xxx.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.xxx.xxx.1 255.255.255.0
!
passwd ***** encrypted
ftp mode passive
access-list idm extended permit ip any any
access-list Outside_IN extended permit tcp any host 92.xxx.xxx.2 (outside interface)
access-list 90 extended permit ip 192.xxx.xxx.0 255.255.255.0 192.xxx.xxx.248 255.255.255.248
access-list 96 extended permit ip host app1srv host 111.111.111.76
access-list 96 extended permit ip host app1srv host 111.111.111.77
access-list 96 extended permit ip host app2srv host 111.111.111.76
access-list 96 extended permit ip host app2srv host 111.111.111.77
access-list ClientVPN_splitTunnelAcl standard permit 192.xxx.xxx.0 255.255.255.0
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu dmzdown 1500
mtu management 1500
ip local pool VPNIpPool 192.xxx.xxx.250-192.xxx.xxx.252 mask 255.255.255.0
asdm image disk0:/asdm-509.bin
no asdm history enable
arp timeout 14400
global (outside) 1 92.xxx.xxx.254
nat (inside) 0 access-list 90
nat (inside) 1 192.xxx.xxx.0 255.255.255.0
static (inside,outside) srv1 192.xxx.xxx.30 netmask 255.255.255.255
access-group Outside_IN in interface outside
access-group idm in interface inside
route outside 0.0.0.0 0.0.0.0 92.xxx.xxx.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy ClientVPNPolicy internal
group-policy ClientVPNPolicy attributes
 dns-server value 192.xxx.xxx.30 192.xxx.xxx.33
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value ClientVPN_splitTunnelAcl
 webvpn
username usertest password ***** encrypted privilege 0
username usertest attributes
 vpn-group-policy ClientVPNPolicy
 webvpn
http server enable
http 192.xxx.xxx.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set Site_Site_VPN esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map ToOutside 26 match address 96
crypto map ToOutside 26 set peer 111.111.111.1
crypto map ToOutside 26 set transform-set Site_Site_VPN
crypto map ToOutside 26 set security-association lifetime seconds 86400
crypto map ToOutside 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map ToOutside interface outside
isakmp identity address
isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption aes-256
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash sha
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
isakmp policy 50 authentication pre-share
isakmp policy 50 encryption 3des
isakmp policy 50 hash md5
isakmp policy 50 group 1
isakmp policy 50 lifetime 86400
isakmp am-disable
tunnel-group 111.111.111.1 type ipsec-l2l
tunnel-group 111.111.111.1 ipsec-attributes
 pre-shared-key *****
tunnel-group ClientVPN type ipsec-ra
tunnel-group ClientVPN general-attributes
 address-pool VPNIpPool
 default-group-policy ClientVPNPolicy
tunnel-group ClientVPN ipsec-attributes
 pre-shared-key ******
telnet 192.xxx.xxx.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
Cryptochecksum:6905b6ae5815f04794207ff4929351b7
: end

Finally found the issue....

It is crypto isakmp am-disable. After putting

no crypto isakmp am-disable

the Client VPN is up.

Thanks for the help.
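The three things this thread turned on (the accepted answer's missing `vpn-tunnel-protocol ipsec` and `sysopt connection permit-ipsec`, and the `isakmp am-disable` line that actually broke the remote-access group) are all visible in a saved running-config, so they can be checked mechanically. The checker below is an added example, not code from this thread or from Cisco: it parses ASA 7.x-style config text, copes with pastes that lost their sub-mode indentation (as the posts above did), and reports the three conditions per `ipsec-ra` tunnel-group. The two sample configs are constructed with RFC 5737 documentation addresses, not the poster's real configuration; the function names are the example's own.

```python
"""Checker for the IKEv1 remote-access conditions discussed in the thread.

Added example, not code from the thread or from Cisco. It reads ASA 7.x-style
running-config text and reports, per ipsec-ra tunnel-group:
  * `isakmp am-disable` (spelled `crypto isakmp am-disable` from 7.2 on) while
    the group authenticates with a pre-shared key -- the IPsec VPN Client
    negotiates IKEv1 aggressive mode, which is the fix the poster found;
  * a default group-policy that does not set `vpn-tunnel-protocol ipsec`;
  * no `sysopt connection permit-ipsec` (`permit-vpn` in later releases), so
    decrypted VPN traffic is still filtered by the interface access-group.
"""
import re

# Sub-mode commands that live under group-policy/tunnel-group parents. Used so
# the parser copes with pastes like the thread's, where indentation was lost.
CHILD_KEYWORDS = {
    "dns-server", "vpn-tunnel-protocol", "split-tunnel-policy",
    "split-tunnel-network-list", "address-pool", "default-group-policy",
    "pre-shared-key", "vpn-group-policy",
}


def parse_asa_config(text):
    """Return (top_level_commands, {parent_command: [child_commands]})."""
    top, children, current = [], {}, None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith(("!", ":")):
            continue                      # separators, ": end", Cryptochecksum
        is_child = raw.startswith(" ") or cmd.split()[0] in CHILD_KEYWORDS
        if is_child and current is not None:
            children[current].append(cmd)
        else:                             # a new top-level command
            top.append(cmd)
            current = cmd
            children.setdefault(cmd, [])
    return top, children


def check_remote_access(text):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    top, children = parse_asa_config(text)
    findings = []
    am_disabled = any(re.fullmatch(r"(crypto )?isakmp am-disable", c) for c in top)
    permit_vpn = any(c in ("sysopt connection permit-ipsec",
                           "sysopt connection permit-vpn") for c in top)

    for cmd in top:
        m = re.fullmatch(r"tunnel-group (\S+) type (ipsec-ra|remote-access)", cmd)
        if not m:
            continue
        name = m.group(1)
        ipsec_attrs = children.get(f"tunnel-group {name} ipsec-attributes", [])
        general = children.get(f"tunnel-group {name} general-attributes", [])

        # 1. PSK-authenticated client group with aggressive mode switched off
        if am_disabled and any(c.startswith("pre-shared-key") for c in ipsec_attrs):
            findings.append(f"{name}: uses a pre-shared key but IKEv1 aggressive "
                            "mode is disabled (isakmp am-disable)")

        # 2. default group-policy without an explicit IPsec tunnel protocol
        policy = next((c.split()[1] for c in general
                       if c.startswith("default-group-policy ")), None)
        if policy is not None:
            attrs = children.get(f"group-policy {policy} attributes", [])
            if not any(c.lower().startswith("vpn-tunnel-protocol") and "ipsec" in c.lower()
                       for c in attrs):
                findings.append(f"{name}: group-policy {policy} does not set "
                                "'vpn-tunnel-protocol ipsec'")

    # 3. decrypted traffic still subject to the interface ACL
    if not permit_vpn:
        findings.append("no 'sysopt connection permit-ipsec': decrypted VPN traffic "
                        "is filtered by the interface access-group")
    return findings


# Constructed sample in the shape of the thread's first paste (indentation lost);
# documentation addresses, not the poster's real configuration.
BROKEN_CONFIG = """\
group-policy ClientVPN internal
group-policy ClientVPN attributes
dns-server value 192.0.2.30 192.0.2.33
isakmp enable outside
isakmp policy 70 authentication pre-share
isakmp am-disable
tunnel-group ClientVPN type ipsec-ra
tunnel-group ClientVPN general-attributes
address-pool VPNIpPool
default-group-policy ClientVPN
tunnel-group ClientVPN ipsec-attributes
pre-shared-key ******
"""

# The same group after the thread's fixes, as show running-config prints it.
FIXED_CONFIG = """\
sysopt connection permit-ipsec
group-policy ClientVPN internal
group-policy ClientVPN attributes
 dns-server value 192.0.2.30 192.0.2.33
 vpn-tunnel-protocol IPSec
isakmp enable outside
isakmp policy 70 authentication pre-share
tunnel-group ClientVPN type ipsec-ra
tunnel-group ClientVPN general-attributes
 address-pool VPNIpPool
 default-group-policy ClientVPN
tunnel-group ClientVPN ipsec-attributes
 pre-shared-key ******
"""

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, check_remote_access(cfg) or ["ok"])
```

Run against `BROKEN_CONFIG` it reports all three findings, with the `am-disable` one first; against `FIXED_CONFIG` it reports nothing. The first finding is the one that explains the symptom in this thread: the site-to-site peers kept working because a peer with a fixed address negotiates IKEv1 main mode, while the IPsec VPN Client identifies its tunnel-group by group name and therefore needs aggressive mode, so `isakmp am-disable` silently breaks only the `ipsec-ra` group.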

Great finding and thanks for sharing...