VPN client cannot connect to the internal network

mkmzaman
Level 1

When a remote VPN client connects, he can SSH to the DMZ network but cannot SSH to the internal network.

There are 2 types of VPN installed. The first is site-to-site and the second is remote VPN client. Please help me out.

8 Replies

acomiskey
Level 10

Could you post a sanitized config from the ASA?

Is the traffic between the inside network and the vpn client subnet exempted from nat?

Is there any split tunnel configured?

access-list inside_outbound_nat0_acl extended permit ip INSIDE-NET 255.255.255.0 192.168.70.0 255.255.255.0
access-list dmz_outbound_nat0_acl extended permit ip DMZ-NET 255.255.255.0 192.168.70.0 255.255.255.0
access-list dmz_outbound_nat0_acl extended permit ip any host 10.1.19.4
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 INSIDE-NET 255.255.255.0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (dmz) 1 DMZ-NET 255.255.255.0

Split tunnel is enabled.

Please find attached the configs.

The config looks ok. The inside network is exempted from nat to the vpn client subnet and is also included in the split tunnel acl. Can you ping any devices on the inside network or is it specifically ssh traffic?

Nothing on the internal network is reachable.

I tried to SSH to the internal network; the syslog gives the following:

3 Jul 16 2007 18:13:40 713042 IKE Initiator unable to find policy: Intf 1, Src: 192.168.60.10, Dst: 192.168.70.8

Please help me out.

Try this...

crypto map outside_map interface outside
crypto isakmp identity address
no crypto map outside_map 40 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

This is all you should need. I would clean out all the rest.

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
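The three things this thread checks on an ASA (the nat 0 exemption towards the client pool, the dynamic crypto map entry sitting last in its map, and a site-to-site crypto ACL that also matches the client pool) can be audited mechanically. The following Python script is an added example, not from the thread or from Cisco; it runs over a constructed config fragment, and the inside network 10.1.19.0/24, the ACL names and the seq 50 entry are assumptions.

```python
import ipaddress
import re

POOL = ipaddress.ip_network("192.168.70.0/24")  # VPN client pool seen in the thread
# Constructed config fragment (not the poster's attachment): site-to-site entry at
# seq 10 whose crypto ACL also matches the client pool, another static entry at
# seq 50, and the dynamic entry at seq 40. Only "net mask net mask" ACEs are parsed.
SAMPLE = """
access-list outside_10_cryptomap extended permit ip 10.1.19.0 255.255.255.0 192.168.70.0 255.255.255.0
access-list inside_outbound_nat0_acl extended permit ip 10.1.19.0 255.255.255.0 192.168.70.0 255.255.255.0
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (dmz) 0 access-list dmz_outbound_nat0_acl
crypto map outside_map 10 match address outside_10_cryptomap
crypto map outside_map 40 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 50 match address outside_50_cryptomap
"""

ACE = re.compile(r"access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)$")
NAT0 = re.compile(r"nat \((\S+)\) 0 access-list (\S+)")
STATIC = re.compile(r"crypto map (\S+) (\d+) match address (\S+)")
DYN = re.compile(r"crypto map (\S+) (\d+) ipsec-isakmp dynamic")

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config, pool=POOL):
    aces, nat0, static, dyn, findings = {}, {}, [], {}, []
    for line in config.splitlines():
        if m := ACE.match(line):
            aces.setdefault(m[1], []).append((net(m[2], m[3]), net(m[4], m[5])))
        elif m := NAT0.match(line):
            nat0[m[1]] = m[2]
        elif m := STATIC.match(line):
            static.append((m[1], int(m[2]), m[3]))
        elif m := DYN.match(line):
            dyn[m[1]] = int(m[2])
    for cmap, seq, acl in static:
        # 1. the dynamic entry must carry the highest seq number in its crypto map
        if cmap in dyn and seq > dyn[cmap]:
            findings.append(f"{cmap}: static seq {seq} comes after dynamic seq {dyn[cmap]}")
        # 2. a site-to-site crypto ACL matching the pool takes the client traffic first
        for _src, dst in aces.get(acl, []):
            if dst.overlaps(pool):
                findings.append(f"{cmap} seq {seq}: ACL {acl} also matches pool {pool}")
    # 3. every nat 0 ACL must exempt traffic towards the client pool
    for intf, acl in nat0.items():
        if not any(dst.overlaps(pool) for _src, dst in aces.get(acl, [])):
            findings.append(f"nat ({intf}) 0: ACL {acl} has no entry towards pool {pool}")
    return findings
```

Moving the dynamic entry to seq 65535, as suggested above, removes the first finding; the other two need the crypto ACL and the dmz nat 0 ACL corrected.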

The crypto map access list was conflicting with the site-to-site VPN. I have changed that, and it started working.

Thanks for the support.
