VPN client gives wrong default gateway

Jeroen Janssens
Level 1

When I use a Cisco VPN client to connect to my ASA, the VPN tunnel comes up and I receive an IP address from the local pool. I can ping my own address but that's it. The default gateway the VPN client receives is also an address from the local pool. I suppose I cannot reach any other devices because this is not correct. Does anyone have an idea how I can solve this issue?

8 Replies

johnd2310
Level 8

Hi Jeroen,

Check the routing on your ASA. When the VPN client connects you should see a reverse route injected on the ASA. Is this route being propagated to the rest of the network?

**Please rate posts you find helpful**

How can I check that? With a simple show route?

I am using a local pool.

ip local pool VPN_GAD 10.0.19.39-10.0.19.50 mask 255.255.255.224

A show route command on the ASA shows the following route:

S 10.0.19.39 255.255.255.255 [1/0] via 10.0.17.17, Outside

On my layer 3 switch, there is no route to the VPN client range.

The ASA has RIP configured:

router rip
  network 10.0.0.0
  redistribute static
  default-information originate
  version 2

The layer 3 switch has RIP configured:

router rip
  version 2
  redistribute static
  network 10.0.0.0
  no auto-summary

no auto-summary is missing on the ASA RIP config. What routes from the ASA do you see on the layer 3 switch?

**Please rate posts you find helpful**

I added the "no auto-summary" on the ASA.

There are a lot of static routes defined on the ASA (shown as S). These also appear on the layer 3 switch (shown as R).

Is reverse route injection configured on the ASA? Have a look at the following doc as a guide:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/107596-asa-reverseroute.html

**Please rate posts you find helpful**

As far as I can see, these commands are present in my config.

We also have some site-to-site VPNs and they are working correctly.

Below is a copy of some relevant parts of my config:

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 15 match address Outside_15_cryptomap
crypto dynamic-map Outside_dyn_map 15 set pfs
crypto dynamic-map Outside_dyn_map 15 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 15 set reverse-route
crypto dynamic-map Outside_dyn_map 20 match address Outside_20_cryptomap
crypto dynamic-map Outside_dyn_map 20 set pfs
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 20 set reverse-route
crypto dynamic-map Outside_dyn_map 40 set pfs
crypto dynamic-map Outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 60 set pfs
crypto dynamic-map Outside_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 80 set pfs
crypto dynamic-map Outside_dyn_map 80 set transform-set ESP-3DES-SHA
crypto dynamic-map Outside_dyn_map 100 set pfs
crypto dynamic-map Outside_dyn_map 100 set transform-set ESP-3DES-SHA
crypto map Outside_map 40 match address Outside_40_cryptomap
crypto map Outside_map 40 set pfs
crypto map Outside_map 40 set peer 87.66.7.232
crypto map Outside_map 40 set transform-set ESP-3DES-SHA
crypto map Outside_map 80 match address Outside_80_cryptomap
crypto map Outside_map 80 set pfs
crypto map Outside_map 80 set peer 87.66.7.234
crypto map Outside_map 80 set transform-set ESP-3DES-SHA
crypto map Outside_map 100 match address Outside_100_cryptomap
crypto map Outside_map 100 set pfs
crypto map Outside_map 100 set peer 87.66.7.231
crypto map Outside_map 100 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
crypto isakmp identity hostname
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key *
tunnel-group GADVPN type ipsec-ra
tunnel-group GADVPN general-attributes
 address-pool VPN_GAD
 authentication-server-group group1
 default-group-policy GADVPN
tunnel-group GADVPN ipsec-attributes
 pre-shared-key *
tunnel-group 87.66.7.232 type ipsec-l2l
tunnel-group 87.66.7.232 ipsec-attributes
 pre-shared-key *
tunnel-group 87.66.7.231 type ipsec-l2l
tunnel-group 87.66.7.231 ipsec-attributes
 pre-shared-key *
tunnel-group 87.66.7.234 type ipsec-l2l
tunnel-group 87.66.7.234 ipsec-attributes
 pre-shared-key *

When I use the ASDM console I notice that the tunnel does come up. But when I go to the VPN statistics, there are 0 bytes Tx and 0 bytes Rx even though I am running a ping command from my laptop to a server on our LAN.
The site-to-site VPNs do show increasing Tx and Rx values.
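The check johnd2310 is asking for above (does the ASA hold a reverse-route /32 for the connected client, and has the layer 3 switch learned it?) can be scripted against saved "show route" output. The following is an added example and not code from the thread or from Cisco; the pool line is the one posted above, while the ASA and switch routing-table lines are constructed sample text (only the 10.0.19.39 host route is modelled as injected, and the switch is modelled as not having learned it, matching what the poster reports). The parser accepts both the ASA "prefix mask" form and the IOS "prefix/len" form and does a longest-prefix match per pool address.

```python
import ipaddress
import re

# Constructed sample input (not device output copied from the thread): the pool
# definition from the post plus ASA-style and IOS-style "show route" lines.
POOL_LINE = "ip local pool VPN_GAD 10.0.19.39-10.0.19.50 mask 255.255.255.224"

ASA_SHOW_ROUTE = """\
S    10.0.19.39 255.255.255.255 [1/0] via 10.0.17.17, Outside
C    10.0.17.0 255.255.255.0 is directly connected, Outside
S    192.168.50.0 255.255.255.0 [1/0] via 10.0.17.1, Outside
"""

SWITCH_SHOW_ROUTE = """\
R    192.168.50.0/24 [120/1] via 10.0.17.17, 00:00:12, Vlan17
C    10.0.17.0/24 is directly connected, Vlan17
"""

# Matches both "10.0.19.39 255.255.255.255" (ASA) and "10.0.19.0/24" (IOS) forms.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z*]+)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+)"
    r"(?:/(?P<plen>\d+)|\s+(?P<mask>\d+\.\d+\.\d+\.\d+))"
)


def parse_pool(line):
    """Return every address an 'ip local pool first-last ...' line can hand out."""
    m = re.search(r"(\d+\.\d+\.\d+\.\d+)-(\d+\.\d+\.\d+\.\d+)", line)
    first, last = (int(ipaddress.IPv4Address(x)) for x in m.groups())
    return [ipaddress.IPv4Address(n) for n in range(first, last + 1)]


def parse_routes(output):
    """Return (code, network) tuples from ASA or IOS 'show route' text."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue  # headers, legend lines, continuation lines
        if m.group("plen") is not None:
            net = ipaddress.ip_network(f"{m.group('prefix')}/{m.group('plen')}", strict=False)
        else:
            net = ipaddress.ip_network(f"{m.group('prefix')}/{m.group('mask')}", strict=False)
        routes.append((m.group("code"), net))
    return routes


def best_route(addr, routes):
    """Longest-prefix match for addr, or None if the table has no covering route."""
    hits = [r for r in routes if addr in r[1]]
    return max(hits, key=lambda r: r[1].prefixlen) if hits else None


def check_pool(pool_line, asa_output, switch_output):
    """For each pool address report whether the ASA has a route for it (the
    reverse-route /32 injected while a client holds that address) and whether
    the layer 3 switch has learned a route covering it."""
    asa = parse_routes(asa_output)
    sw = parse_routes(switch_output)
    report = {}
    for addr in parse_pool(pool_line):
        a = best_route(addr, asa)
        s = best_route(addr, sw)
        report[str(addr)] = {
            "asa": str(a[1]) if a else None,
            "switch": str(s[1]) if s else None,
            # LAN hosts can only answer the client if both hops know the route
            "lan_reachable": a is not None and s is not None,
        }
    return report


if __name__ == "__main__":
    for addr, r in check_pool(POOL_LINE, ASA_SHOW_ROUTE, SWITCH_SHOW_ROUTE).items():
        if r["asa"] or r["switch"]:
            print(addr, r)
```

Run against the sample, 10.0.19.39 shows an ASA /32 but no switch route and is therefore flagged as not reachable from the LAN; the rest of the pool shows no route on either device, which is expected for addresses not currently leased. Swapping in real "show route" captures from both devices turns it into a quick way to tell whether the problem is the injection on the ASA or the redistribution into RIP.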