Thanks for the help. What doesn't make sense?

I create a VPN for clients. They connect and are assigned IP addresses based on the username from an IP pool. When I run IPCONFIG/ALL on the client, the gateway is 10.10.77.1.

The internal IP of the ASA is 10.10.77.254. So the clients are not able to access any resources on the network.

You have another problem. It is not related to the defaut gateway.

Рost the configuration.

Result of the command: "sh running-config"

: Saved

:

ASA Version 7.2(2)

!

hostname ghla-asa

domain-name XXXXXXX.com

enable password

names

!

interface Vlan1

nameif inside

security-level 100

ip address 10.10.77.254 255.255.255.0

ospf cost 10

!

interface Vlan2

nameif outside

security-level 0

ip address XX.XX.XX.XX 255.255.255.248

ospf cost 10

!

interface Ethernet0/0

switchport access vlan 2

!

interface Ethernet0/1

!

interface Ethernet0/2

!

interface Ethernet0/3

!

interface Ethernet0/4

!

interface Ethernet0/5

!

interface Ethernet0/6

!

interface Ethernet0/7

!

passwd

ftp mode passive

clock timezone CST -6

clock summer-time CDT recurring

dns server-group DefaultDNS

domain-name XXX.com

same-security-traffic permit inter-interface

same-security-traffic permit intra-interface

access-list inside_access_in extended permit ip any any

access-list inside_access_in extended permit udp any any

access-list inside_access_in extended permit tcp any any

access-list inside_access_in extended permit icmp any any

access-list outside_access_in extended permit tcp any eq ssh any eq ssh

access-list outside_access_in extended permit tcp any eq smtp any eq smtp

access-list outside_access_in extended permit tcp any eq pop3 any eq pop3

access-list outside_access_in extended permit tcp any eq www any eq www

access-list outside_access_in extended permit tcp any eq 209 any eq 209

access-list outside_access_in extended permit tcp any eq 445 any eq 445

access-list outside_access_in extended permit tcp any eq 628 any eq 628

access-list outside_access_in extended permit tcp any eq 5901 any eq 5901

access-list outside_access_in extended permit tcp any eq 10000 any eq 10000

access-list outside_access_in extended permit tcp any range 33000 33254 any range 33000 33254

access-list outside_access_in extended permit tcp any range 55000 55254 any range 55000 55254

access-list outside_access_in extended permit tcp any any

access-list outside_access_in extended permit udp any any

access-list outside_access_in extended permit icmp any any

access-list outside_access_in extended permit ip any any

access-list ghla_splitTunnelAcl standard permit 10.10.77.0 255.255.255.0

access-list ghla_splitTunnelAcl standard permit any

access-list ghla-vpn_splitTunnelAcl standard permit any

access-list inside_nat0_outbound extended permit ip any 10.20.77.128 255.255.255.192

access-list 101 extended permit ip 10.20.77.0 255.255.255.0 10.10.77.0 255.255.255.0

access-list 101 extended permit ip 10.10.77.0 255.255.255.0 10.10.77.0 255.255.255.0

access-list inside_access_out extended permit icmp any any

access-list inside_access_out extended permit udp any any

access-list inside_access_out extended permit ip any any

access-list inside_access_out extended permit tcp any any

access-list outside_access_out extended permit tcp any any

access-list outside_access_out extended permit udp any any

access-list outside_access_out extended permit ip any any

access-list outside_access_out extended permit icmp any any

pager lines 24

logging enable

logging asdm informational

mtu inside 1500

mtu outside 1500

ip local pool ghla 10.10.77.150-10.10.77.170 mask 255.255.255.0

ip local pool ghla-vpn 10.20.77.150-10.20.77.170 mask 255.255.255.0

icmp unreachable rate-limit 1 burst-size 1

icmp permit 10.10.77.0 255.255.255.0 inside

icmp permit host 72.54.172.178 outside

icmp permit any outside

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (inside) 1 interface

global (outside) 1 interface

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,outside) tcp interface ssh 10.10.77.1 ssh netmask 255.255.255.255

static (inside,outside) tcp interface smtp 10.10.77.1 smtp netmask 255.255.255.255

static (inside,outside) tcp interface pop3 10.10.77.1 www netmask 255.255.255.255

static (inside,outside) tcp interface 209

static (inside,outside) tcp interface 6666 10.10.77.1 6666 netmask 255.255.255.255

static (outside,inside) 0.0.0.0 65.67.106.48 netmask 255.255.255.248

access-group inside_access_in in interface inside

access-group inside_access_out out interface inside

access-group outside_access_in in interface outside

access-group outside_access_out out interface outside

route outside 0.0.0.0 0.0.0.0 65.67.106.54 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

group-policy ghla-vpn internal

group-policy ghla-vpn attributes

dns-server value 10.10.77.1 208.67.222.222

vpn-tunnel-protocol IPSec

split-tunnel-policy tunnelspecified

split-tunnel-network-list value ghla-vpn_splitTunnelAcl

default-domain value ghla-inc.com

group-policy ghla internal

group-policy ghla attributes

vpn-tunnel-protocol IPSec

client-firewall none

username ghla-vpn password XXX encrypted privilege 0

username ghla-vpn attributes

vpn-group-policy ghla-vpn

username ghla password XXX encrypted privilege 10

http server enable

http 72.54.172.178 255.255.255.255 outside

http 10.10.77.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outside_dyn_map 20 set pfs

crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA

crypto dynamic-map outside_dyn_map 40 set pfs

crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA

crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map

crypto map outside_map interface outside

crypto isakmp enable outside

crypto isakmp policy 10

authentication pre-share

encryption 3des

hash sha

group 2

lifetime 86400

tunnel-group ghla type ipsec-ra

tunnel-group ghla general-attributes

address-pool ghla

default-group-policy ghla

tunnel-group ghla ipsec-attributes

pre-shared-key *

peer-id-validate cert

tunnel-group ghla ppp-attributes

authentication pap

authentication ms-chap-v2

authentication eap-proxy

tunnel-group ghla-vpn type ipsec-ra

tunnel-group ghla-vpn general-attributes

address-pool ghla-vpn

default-group-policy ghla-vpn

tunnel-group ghla-vpn ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd dns 208.x.x.222 208.67.220.220

dhcpd domain ghla-inc.com

dhcpd auto_config outside vpnclient-wins-override

dhcpd option 3 ip 10.10.77.254

dhcpd option 5 ip 10.10.77.1

!

dhcprelay server 10.10.77.1 inside

!

class-map inspection_default

match default-inspection-traffic

!

!

policy-map type inspect dns preset_dns_map

parameters

message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp

!

service-policy global_policy global

ntp authenticate

ntp server 65.23.154.62 source outside prefer

smtp-server 10.10.77.1

prompt hostname context

Cryptochecksum:xxx

: end

ip local pool ghla 10.10.77.150-10.10.77.170 mask 255.255.255.0

ip local pool ghla-vpn 10.20.77.150-10.20.77.170 mask 255.255.255.0

access-list inside_nat0_outbound extended permit ip any 10.20.77.128 255.255.255.192

nat (inside) 0 access-list inside_nat0_outbound

include networks from the pools into inside_nat0_outbound ACL