Question : Problem: VPN tunnel is created but no access to local network

We have set up Remote VPN on a Cisco ASA 5505, which connects fine and authorizes against internal AD via LDAP, but we can't access/ping/RDP anything on the internal network.

Running config is as follows. Note that there is a modem in front of the FW, so the external IP is correct :) :

ASA Version 7.2(3)
!
hostname ciscoasa
domain-name default.domain.invalid
enable password ************ encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.10.254 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 192.168.1.1 255.255.255.0
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd ******** encrypted
ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
object-group network Sten***
 description Sten*** internal network
 network-object 192.168.10.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.15.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.15.96 255.255.255.224
access-list inside_access_in extended permit ip 192.168.10.0 255.255.255.0 any
access-list inside_access_in extended permit tcp 192.168.10.0 255.255.255.0 any
access-list inside_access_in extended permit udp 192.168.10.0 255.255.255.0 any
access-list inside_access_in extended permit icmp 192.168.10.0 255.255.255.0 any
access-list VPN_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list VPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool RemoteUsers 192.168.15.50-192.168.15.80 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 192.168.1.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
aaa-server LDAP_Server protocol ldap
aaa-server LDAP_Server host 192.168.10.10
 ldap-base-dn dc=STEN***,dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=******,CN=Users,DC=STEN***,DC=local
 server-type microsoft
http server enable
http 199.***.***.*** 255.255.255.255 outside
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 40 set pfs
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 60 set pfs
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 80 set pfs
crypto dynamic-map outside_dyn_map 80 set transform-set ESP-AES-256-SHA
crypto dynamic-map outside_dyn_map 100 set pfs
crypto dynamic-map outside_dyn_map 100 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 199.***.***.*** 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.10.100-192.168.10.125 inside
dhcpd dns 192.168.10.10 4.2.2.1 interface inside
dhcpd domain stennlaw.local interface inside
dhcpd enable inside
!

!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
group-policy VPN internal
group-policy VPN attributes
 wins-server value 192.168.10.10
 dns-server value 192.168.10.10 4.2.2.2
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_splitTunnelAcl
 default-domain value sten***.local
username USERNAME password PASSWORD encrypted privilege 15
tunnel-group VPN type ipsec-ra
tunnel-group VPN general-attributes
 address-pool (outside) RemoteUsers
 authentication-server-group LDAP_Server
 default-group-policy VPN
tunnel-group VPN ipsec-attributes
 pre-shared-key *
prompt hostname context
Cryptochecksum:*****************
: end
asdm image disk0:/asdm-523.bin
no asdm history enable

Answer : Problem: VPN tunnel is created but no access to local network

Don't know if this is the cause... but try changing the split tunnel ACL.
Also, your nat0 should include the entire range of the ip local pool.


no access-list VPN_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
no access-list VPN_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0

access-list VPN_splitTunnelAcl extended permit ip 192.168.10.0 255.255.255.0 192.168.15.0 255.255.255.0

access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.15.0 255.255.255.0
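
The answer's point that the NAT-exemption ACL must cover the whole `ip local pool` range can be checked mechanically. The following Python script is an added example, not part of the original post or of any Cisco tooling; its function names are hypothetical, and it assumes the ACL entries use explicit network/mask pairs as in the question's config. It reports which pool addresses no `nat (inside) 0` ACL entry covers, before and after the answer's added line.

```python
import ipaddress
import re

# Constructed sample: the relevant lines copied from the running config in the question.
CONFIG = """\
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.15.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.15.96 255.255.255.224
ip local pool RemoteUsers 192.168.15.50-192.168.15.80 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound
"""

# The NAT-exemption line proposed in the answer.
FIX = ("access-list inside_nat0_outbound extended permit ip "
       "192.168.10.0 255.255.255.0 192.168.15.0 255.255.255.0\n")

def nat0_destinations(config):
    """Destination networks of the ACL referenced by 'nat (inside) 0 access-list'."""
    m = re.search(r"^nat \(inside\) 0 access-list (\S+)", config, re.M)
    if not m:
        return []
    pat = re.compile(
        r"^access-list %s extended permit ip \S+ \S+ (\S+) (\S+)\s*$"
        % re.escape(m.group(1)), re.M)
    return [ipaddress.ip_network(f"{net}/{mask}") for net, mask in pat.findall(config)]

def pools(config):
    """Yield (name, first, last) for each 'ip local pool' line."""
    pat = re.compile(r"^ip local pool (\S+) ([\d.]+)-([\d.]+)", re.M)
    for name, first, last in pat.findall(config):
        yield name, ipaddress.ip_address(first), ipaddress.ip_address(last)

def uncovered(config):
    """Map each pool name to the pool addresses no nat0 ACL destination covers."""
    nets = nat0_destinations(config)
    result = {}
    for name, first, last in pools(config):
        result[name] = [str(ipaddress.ip_address(i))
                        for i in range(int(first), int(last) + 1)
                        if not any(ipaddress.ip_address(i) in n for n in nets)]
    return result

if __name__ == "__main__":
    for label, cfg in (("as posted", CONFIG), ("with the answer's line", CONFIG + FIX)):
        for name, missing in uncovered(cfg).items():
            print(f"{label}: pool {name}: {len(missing)} address(es) not NAT-exempt")
```
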
