01-08-2004 06:50 AM - edited 02-21-2020 12:59 PM
I am trying to enable SSH over a VPN connection using the Cisco VPN client v4.0.2 (D) but I am not having any luck. I know that I have done this before very easily but for some reason it is not working. What am I missing? The OS version is 6.3.
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 calyx security75
nameif ethernet4 pila security25
nameif ethernet5 intf5 security25
enable password xxxxxxxxxxxxxxxxx encrypted
passwd xxxxxxxxx encrypted
hostname pix
domain-name vtbc.com
access-list vpnadminacl permit ip 10.1.0.0 255.255.0.0 192.168.255.0 255.255.255.0
access-list vpnadminacl permit ip 192.168.253.0 255.255.255.0 192.168.255.0 255.255.255.0
access-list vpnadminacl permit ip 172.20.250.0 255.255.254.0 192.168.255.0 255.255.255.0
access-list vpnadminacl permit ip 192.168.1.0 255.255.255.0 192.168.255.0 255.255.255.0
access-list vpnadminacl permit ip host 10.10.212.66 192.168.255.0 255.255.255.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.255.0 255.255.255.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.254.0 255.255.255.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 172.20.250.0 255.255.254.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.253.0 255.255.255.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.0.20.0 255.255.255.0
access-list nonat permit ip host 10.103.103.9 172.22.251.0 255.255.255.0
access-list nonat permit ip 10.1.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list nonat permit ip host 128.1.16.1 host 192.168.100.100
access-list allowin permit tcp any host 10.217.165.114 eq www
access-list allowin permit tcp any host 10.10.212.74 eq pcanywhere-data
access-list allowin permit udp any host 10.10.212.74 eq pcanywhere-status
access-list allowin permit udp any host 10.10.212.76 eq 1604
access-list allowin permit tcp any host 10.10.212.67 eq smtp
access-list allowin permit tcp any host 10.10.212.72 eq www
access-list allowin permit tcp any host 10.217.165.114 eq 9010
access-list allowin permit icmp any any echo-reply
access-list allowin permit icmp any any source-quench
access-list allowin permit icmp any any unreachable
access-list allowin permit icmp any any time-exceeded
access-list allowin permit tcp any host 10.217.165.119 eq telnet
access-list allowin permit tcp any host 10.217.165.120 eq sqlnet
access-list allowin permit tcp any host 10.217.165.119 eq www
access-list allowin permit tcp 10.123.105.0 255.255.255.0 host 10.217.165.119 eq telnet
access-list allowin permit tcp 10.123.105.0 255.255.255.0 host 10.217.165.120 eq telnet
access-list allowin permit tcp 10.123.105.0 255.255.255.0 host 10.217.165.119 eq ssh
access-list allowin permit tcp 10.123.105.0 255.255.255.0 host 10.217.165.120 eq ssh
access-list allowin permit tcp 10.123.105.0 255.255.255.0 host 10.217.165.119 eq ftp
access-list allowin permit tcp 10.123.105.0 255.255.255.0 host 10.217.165.120 eq ftp
access-list allowin permit tcp host 172.16.28.52 host 10.217.165.122 eq 1433
access-list allowin permit tcp host 172.16.28.20 host 10.217.165.122 eq 1433
access-list allowin permit tcp host 172.16.28.30 host 10.217.165.122 eq 1433
access-list allowin permit tcp 10.30.29.0 255.255.255.224 host 10.217.165.115 eq ssh
access-list allowin permit tcp 10.30.6.128 255.255.255.248 host 10.217.165.115 eq ssh
access-list allowin permit tcp host 10.209.188.58 host 10.217.165.115 eq ssh
access-list allowin permit tcp 10.30.29.0 255.255.255.224 host 10.217.165.116 eq ssh
access-list allowin permit tcp 10.30.6.128 255.255.255.248 host 10.217.165.116 eq ssh
access-list allowin permit tcp host 10.209.188.58 host 10.217.165.116 eq ssh
access-list allowin permit tcp any host 10.217.165.116 eq www
access-list nonatdmz permit ip 192.168.253.0 255.255.255.0 192.168.255.0 255.255.255.0
access-list nonatdmz permit ip 192.168.253.0 255.255.255.0 192.168.254.0 255.255.255.0
access-list nonatdmz permit ip 192.168.253.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonatcalyx permit ip 172.20.250.0 255.255.254.0 192.168.255.0 255.255.255.0
access-list nonatcalyx permit ip 172.20.250.0 255.255.254.0 10.1.0.0 255.255.0.0
access-list nonatcalyx permit ip 172.20.250.0 255.255.254.0 172.22.251.0 255.255.255.0
access-list nonatcalyx permit ip 172.20.250.0 255.255.254.0 10.0.0.0 255.255.255.0
access-list nonatcalyx permit ip 172.20.250.0 255.255.254.0 192.168.1.0 255.255.255.0
access-list nonatpila permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonatpila permit ip 192.168.1.0 255.255.255.0 172.20.250.0 255.255.254.0
access-list nonatpila permit ip 192.168.1.0 255.255.255.0 192.168.255.0 255.255.255.0
access-list nonatpila permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.0.0
access-list nonatpila permit ip 192.168.1.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list shelb2veroacl permit ip 172.20.250.0 255.255.254.0 10.0.0.0 255.255.255.0
access-list shelb2veroacl permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
access-list vpnclientacl permit ip any any
access-list growervpnacl permit ip 172.20.250.0 255.255.254.0 172.22.251.0 255.255.255.0
access-list growervpnacl permit ip 10.1.0.0 255.255.0.0 172.22.251.0 255.255.255.0
access-list pilavpnacl permit ip 192.168.1.0 255.255.255.0 192.168.252.0 255.255.255.0
access-list vdlvpnacl permit ip 172.20.250.0 255.255.254.0 172.22.251.0 255.255.255.0
access-list vdlvpnacl permit ip host 10.103.103.9 172.22.251.0 255.255.255.0
access-list vdlvpnacl deny ip any any
pager lines 24
icmp permit any inside
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu calyx 1500
mtu pila 1500
mtu intf5 1500
ip address outside 10.10.212.66 255.255.255.240
ip address inside 10.100.100.4 255.255.0.0
ip address dmz 192.168.253.1 255.255.255.0
ip address calyx 172.20.250.1 255.255.254.0
ip address pila 192.168.1.20 255.255.255.0
no ip address intf5
ip verify reverse-path interface outside
ip audit info action alarm drop reset
ip audit attack action alarm drop reset
ip local pool vpnadminpool 192.168.255.100-192.168.255.150
ip local pool vpnclientpool 192.168.254.100-192.168.254.150
ip local pool vpngrowerpool 172.22.251.1-172.22.251.100
ip local pool quovadxvpnpool 192.168.100.100
ip local pool pilapool 192.168.252.100-192.168.252.110
arp timeout 14400
global (outside) 1 10.10.212.75
nat (inside) 0 access-list nonat
nat (inside) 1 10.1.0.0 255.255.0.0 0 0
nat (dmz) 0 access-list nonatdmz
nat (dmz) 1 192.168.253.0 255.255.255.0 0 0
nat (calyx) 0 access-list nonatcalyx
nat (calyx) 1 172.20.250.0 255.255.254.0 0 0
nat (pila) 0 access-list nonatpila
nat (pila) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) 10.10.212.76 128.1.95.10 netmask 255.255.255.255 0 0
static (inside,outside) 10.10.212.67 128.1.95.15 netmask 255.255.255.255 0 0
static (inside,outside) 10.217.165.115 128.1.101.7 netmask 255.255.255.255 0 0
static (inside,outside) 10.10.212.69 128.1.95.16 netmask 255.255.255.255 0 0
static (dmz,outside) 10.217.165.114 192.168.253.11 netmask 255.255.255.255 0 0
static (dmz,outside) 10.10.212.72 192.168.253.20 netmask 255.255.255.255 0 0
static (calyx,outside) 10.217.165.119 172.20.251.185 netmask 255.255.255.255 0 0
static (calyx,outside) 10.217.165.120 172.20.251.186 netmask 255.255.255.255 0 0
static (pila,outside) 10.217.165.122 192.168.1.2 netmask 255.255.255.255 0 0
static (inside,outside) 10.10.212.74 10.100.100.8 netmask 255.255.255.255 0 0
static (dmz,outside) 10.217.165.116 192.168.253.21 netmask 255.255.255.255 0 0
access-group allowin in interface outside
access-group allowdmz in interface dmz
access-group allowcalyx in interface calyx
access-group allowpila in interface pila
route outside 0.0.0.0 0.0.0.0 10.10.212.65 1
timeout xlate 3:00:00
timeout conn 28:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set vpntransset esp-des esp-md5-hmac
crypto dynamic-map vpndynmap 90 set transform-set vpntransset
crypto map vpnmap 20 ipsec-isakmp
crypto map vpnmap 20 match address shelb2veroacl
crypto map vpnmap 20 set peer 172.16.161.162
crypto map vpnmap 20 set transform-set vpntransset
crypto map vpnmap 90 ipsec-isakmp dynamic vpndynmap
crypto map vpnmap interface outside
isakmp enable outside
isakmp key ******** address 172.16.161.162 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address 0.0.0.0 netmask 0.0.0.0 no-xauth
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 1
isakmp policy 20 lifetime 86400
vpngroup vpnclientadmin address-pool vpnadminpool
vpngroup vpnclientadmin dns-server 128.1.95.13 128.1.95.12
vpngroup vpnclientadmin default-domain vtbc.com
vpngroup vpnclientadmin split-tunnel vpnadminacl
vpngroup vpnclientadmin idle-time 1800
vpngroup vpnclientadmin password ********
telnet timeout 5
ssh 192.168.255.0 255.255.255.0 outside
ssh 10.103.103.9 255.255.255.255 inside
ssh 10.103.103.8 255.255.255.255 inside
ssh 10.103.103.7 255.255.255.255 inside
ssh timeout 15
management-access outside
console timeout 0
terminal width 80
01-11-2004 09:31 AM
Your ssh outside statement only allows connections from 192.168.255.0/24. Is that the netblock from which you are connecting? Are you attempting to connect to the outside interface's IP address?
01-12-2004 07:35 AM
The 192.168.255.0/24 block is the pool assigned to the vpngroup.
01-12-2004 08:24 AM
Once you've built the VPN tunnel, you have to then attach to a host inside your network, then SSH from it back to the inside interface; that's how I work around this anyway.
BTW - you should delete your password hashes and your IP addresses from your configs before posting them in a public forum. Otherwise you're asking for trouble.
01-13-2004 08:06 PM
Assuming the VPN tunnel terminates just fine...
This will work if you change it to [management-access inside].
Then change your ssh access commands to allow the VPN subnet from the inside interface: [ssh 192.168.255.0 255.255.255.0 inside]
Then SSH to the PIX's inside interface address over the tunnel instead of the outside address. This is the only way this feature works (or use any other interface than the one the VPN is terminated on).
I've used this feature like this successfully on many installations.
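An added config audit, not from the thread or from Cisco, that checks a PIX 6.3 config for the mismatch the last answer describes: the VPN pool permitted for ssh only on the interface the crypto map terminates on, and management-access pointing at that same interface. The embedded excerpts are constructed from the thread's lines; the second applies the answer's two changes.

```python
import ipaddress

# Constructed PIX 6.3 excerpts: the first mirrors the thread's original config, the
# second applies the last answer's changes (management-access inside, ssh ... inside).
ORIGINAL_CONFIG = """\
ip local pool vpnadminpool 192.168.255.100-192.168.255.150
crypto map vpnmap interface outside
vpngroup vpnclientadmin address-pool vpnadminpool
ssh 192.168.255.0 255.255.255.0 outside
ssh 10.103.103.9 255.255.255.255 inside
management-access outside
"""
FIXED_CONFIG = ORIGINAL_CONFIG.replace("255.255.255.0 outside", "255.255.255.0 inside") \
                              .replace("management-access outside", "management-access inside")

def audit_ssh_over_vpn(config):
    """Flag ssh/management-access lines that bind VPN-pool management traffic to the
    interface the crypto map terminates on. Returns a list of finding strings."""
    pools, vpn_pools, ssh_rules = {}, [], []
    crypto_if = mgmt_if = None
    for line in config.splitlines():
        p = line.split()
        if p[:3] == ["ip", "local", "pool"] and len(p) == 5:
            lo, _, hi = p[4].partition("-")          # single-address pools have no '-'
            pools[p[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
        elif p[:1] == ["vpngroup"] and len(p) == 4 and p[2] == "address-pool":
            vpn_pools.append(p[3])
        elif p[:2] == ["crypto", "map"] and len(p) == 5 and p[3] == "interface":
            crypto_if = p[4]                          # interface the IPsec tunnel terminates on
        elif p[:1] == ["ssh"] and len(p) == 4:        # ssh <ip> <mask> <interface>
            net = ipaddress.ip_network(f"{p[1]}/{p[2]}", strict=False)
            ssh_rules.append((net, p[3]))
        elif p[:1] == ["management-access"] and len(p) == 2:
            mgmt_if = p[1]
    findings = []
    for name in vpn_pools:
        lo, hi = pools[name]
        covering = [iface for net, iface in ssh_rules if lo in net and hi in net]
        usable = [iface for iface in covering if iface != crypto_if]
        if covering and not usable:
            findings.append(f"pool {name}: ssh permitted only on {crypto_if}, the VPN termination interface")
        elif not usable:
            findings.append(f"pool {name}: no ssh statement permits the pool on a non-VPN interface")
    if mgmt_if == crypto_if:
        findings.append(f"management-access {mgmt_if} points at the VPN termination interface")
    return findings
```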