Hi friends,

I am a new palyer in ASA.

My company is small. We need remote client access server in LAN via VPN.

I have an ASA5510 with version 7.0 . I have configured remote access VPN and it can establish tunnel successfully. But I can't access server.

VPN client is version 5.0.07.0290 . Encrypted packets have increasing but Decrypted packets is 0 in statistics of VPN client, after I connected successfully.

In ASA side, I show crypto ipsec sa, just have decrypted packets increase.

Who can help me?

Thanks a lot.

The configuration in follow:

ASA Version 7.0(7)
!
hostname VPNhost
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 10
 ip address 221.122.96.51 255.255.255.240
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.42.199 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 no nameif
 no security-level
 no ip address
 management-only
!
ftp mode passive
dns domain-lookup inside
access-list PAT_acl extended permit ip 192.168.42.0 255.255.255.0 any
access-list allow_PING extended permit icmp any any inactive
access-list Internet extended permit ip host 221.122.96.51 any inactive
access-list VPN extended permit ip 192.168.42.0 255.255.255.0 192.168.43.0 255.255.255.0
access-list VPN extended permit ip 192.168.43.0 255.255.255.0 192.168.42.0 255.255.255.0
access-list CAPTURE extended permit ip host 192.168.43.10 host 192.168.42.251
access-list CAPTURE extended permit ip host 192.168.42.251 host 192.168.43.10
pager lines 24
mtu outside 1500
mtu inside 1500
ip local pool testpool 192.168.43.10-192.168.43.20
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list VPN
nat (inside) 1 access-list PAT_acl
route outside 0.0.0.0 0.0.0.0 221.122.96.49 10

username testuser password 123
aaa authentication ssh console LOCAL
aaa local authentication attempts max-fail 3
no sysopt connection permit-ipsec
crypto ipsec transform-set FirstSet esp-des esp-md5-hmac
crypto dynamic-map dyn1 1 set transform-set FirstSet
crypto dynamic-map dyn1 1 set reverse-route
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto map mymap interface outside
isakmp enable outside
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp nat-traversal  3600
tunnel-group testgroup type ipsec-ra
tunnel-group testgroup general-attributes
 address-pool testpool
tunnel-group testgroup ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 10
console timeout 0
: end

Topology as follow: