ASA5510 cannot PING from INSIDE to OUTSIDE

johnaceti
Level 1

Hey guys, I cannot seem to determine exactly why I am not able to ping from the inside to the outside using the standard 100/0 security levels respectively.

I am dynamically NATting the inside to the outside interface, something I don't usually do, but I cannot see why ICMP packets are not passing through.

The packet tracer tool says there is something in the ACL, but there really isn't.

Any suggestions on what I should look for?

Is there simply an issue with NATting to the WAN interface on a 5510?

I have the latest 8.4 on there.

Thanks

10 Replies

Jennifer Halim
Cisco Employee

Have you enabled ICMP inspection?

Yes, I tried it both ways.

Can you share your configuration with us?

Thanks,
Varun Rao
Security Team,
Cisco TAC

interface Ethernet0/0
 speed 100
 duplex full
 nameif outside
 security-level 0
 ip address X.X.X.X 255.255.255.248
!
interface Ethernet0/1
 speed 100
 duplex full
 nameif inside
 security-level 100
 ip address 192.168.60.3 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet0/3
 speed 100
 duplex full
 shutdown
 no nameif
 security-level 0
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
boot system disk0:/asa844-1-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name XXXXXXXXXXX.org
same-security-traffic permit inter-interface
object network obj-192.168.197.0
 subnet 192.168.197.0 255.255.255.192
object network SERVERX-server
 host 192.168.53.150
object service obj-udp-source-eq-5008-eq-5008
 service udp source eq 5008 destination eq 5008
object service obj-udp-eq-5008
 service udp source eq 0 destination eq 5008
object service obj-tcp-source-eq-5008-eq-5008
 service tcp source eq 5008 destination eq 5008
object service obj-tcp-eq-5008
 service tcp source eq 0 destination eq 5008
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj_any-01
 subnet 0.0.0.0 0.0.0.0
object network obj-0.0.0.0
 host 0.0.0.0
object network obj_any-02
 subnet 0.0.0.0 0.0.0.0
object-group network Inside-Networks
 description All Inside networks
 network-object inside-172networks 255.255.0.0
 network-object inside-192networks 255.255.0.0
object-group network SPECIAL-NET-Networks
 description SPECIAL-NET-Subnets
 network-object 192.168.53.0 255.255.255.0
 network-object 192.168.93.0 255.255.255.0
 network-object 192.168.94.0 255.255.255.0
 network-object 192.168.95.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
 service-object icmp
 service-object icmp echo
object-group service DM_INLINE_SERVICE_2
 service-object icmp
 service-object icmp echo
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any any
access-list outside_access_in remark Access to SERVERX Server
access-list outside_access_in extended permit udp any object SERVERX-server eq 5008
access-list outside_access_in remark Access to SERVERX
access-list outside_access_in extended permit tcp any object SERVERX-server eq 5008
access-list outside_access_in extended permit ip any any log
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended deny ip any any log
access-list inside_nat_outbound extended permit udp object SERVERX-server eq 5008 any eq 5008
access-list inside_nat_outbound extended permit tcp object SERVERX-server eq 5008 any eq 5008
access-list inside_nat0_outbound extended permit ip any 192.168.197.0 255.255.255.192
access-list inside_access_in_1 extended permit object-group DM_INLINE_SERVICE_1 any any
access-list inside_access_in_1 extended permit icmp any any echo-reply
access-list inside_access_in_1 extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool VPNUSERS 192.168.197.1-192.168.197.50 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-649.bin
no asdm history enable
arp timeout 14400
nat (inside,any) source static any any destination static obj-192.168.197.0 obj-192.168.197.0 no-proxy-arp route-lookup
nat (inside,outside) source dynamic SERVERX-server interface service obj-udp-source-eq-5008-eq-5008 obj-udp-eq-5008
nat (inside,outside) source dynamic SERVERX-server interface service obj-tcp-source-eq-5008-eq-5008 obj-tcp-eq-5008
!
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_any-01
 nat (inside,outside) dynamic obj-0.0.0.0
object network obj_any-02
 nat (management,outside) dynamic obj-0.0.0.0
access-group outside_access_in in interface outside
access-group inside_access_in_1 in interface inside
route outside 0.0.0.0 0.0.0.0 207.30.22.97 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http x.x.x.x.0 255.255.254.0 outside
http x.x.x.x.0 255.255.254.0 outside
http 192.168.197.0 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto ikev1 policy 30
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh x.x.x.x.0 255.255.254.0 outside
ssh x.x.x.x.0 255.255.254.0 outside
ssh 192.168.197.0 255.255.255.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
priority-queue outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 132.163.4.101 source outside prefer
webvpn
group-policy VPNUSERS internal
group-policy VPNUSERS attributes
 wins-server value 192.168.20.167 192.168.93.3
 dns-server value 192.168.20.167 192.168.93.3
 vpn-tunnel-protocol ikev1
 default-domain value XXXXXXXXXXXX.org
username xxxxxxxx password xxxxxxxxxxxxxxxxx
tunnel-group VPNUSERS type remote-access
tunnel-group VPNUSERS general-attributes
 address-pool VPNUSERS
 default-group-policy VPNUSERS
tunnel-group VPNUSERS ipsec-attributes
 ikev1 pre-shared-key *****
tunnel-group WP-remote type remote-access
tunnel-group WP-remote general-attributes
 address-pool VPNUSERS
tunnel-group WP-remote ipsec-attributes
 ikev1 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
 profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email callhome@cisco.com
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:1029ff912312218ed6dff586a112f461
: end
asdm image disk0:/asdm-649.bin
asdm location SERVERX-server 255.255.255.255 inside
no asdm history enable

Please remove the following NAT, as it is incorrect:

object network obj_any-01

nat (inside,outside) dynamic obj-0.0.0.0

object network obj_any-02

nat (management,outside) dynamic obj-0.0.0.0

You can't PAT to 0.0.0.0.

Also, can you please advise what you are trying to ping to and from?

I made the changes you suggested, and I also changed my NAT to an unused IP one higher than the one on my WAN interface (which has a .248 mask, /29).

Using the ASDM ping tool and packet tracer tool, I am able to ping from the WAN but not from the LAN (INSIDE) interface.

I do not have a tech on site and inside interface is UP.

johnaceti
Level 1

Oh snap! So I checked a previous customer's 5510 where I did a nearly identical setup, and I KNOW theirs is passing pings from the inside interface. I ran the ASDM packet tracer and the ping tool sourcing from the inside IP, and that one shows a failure as well, even though I know 100% that it IS passing ICMP from the inside network out.

So it seems there is an issue with the ASDM ping and packet tracer tools showing failures when I source from the inside interface.

You can't ping from inside interface towards an outside host. Please try to ping from an inside host towards an outside host and see if that works.

Why is it that we cannot ping an outside host from an inside interface? Isn't that essentially one of the main reasons for the ping and packet tracer tools to begin with, so we can test without having someone there with a PC on the interface? If I recall correctly, this used to work prior to v8.03.

With the packet tracer, you can actually specify an inside host, instead of the inside interface.
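The two fixes this thread converged on (remove the dynamic NAT whose mapped object is 0.0.0.0, and source packet-tracer from a host behind the inside interface rather than from the interface address itself) can be checked mechanically. The script below is an added example, not part of the original thread or of any Cisco tool: it parses a constructed ASA 8.4 "show run" excerpt that reuses the object names from the posted config (the 203.0.113.x outside addresses are made up), flags dynamic NAT to an unspecified address, reports whether `inspect icmp` is present in the global policy, and builds a `packet-tracer input <ifc> icmp <src> 8 0 <dst>` command that refuses the interface's own IP as the source.

```python
import re
from ipaddress import IPv4Address, ip_address, ip_network
from typing import Dict, List, Optional

# Constructed excerpt in the layout of an ASA 8.4 "show run": object definitions
# first, then the same objects repeated with their nat statements. Addresses are
# assumed (203.0.113.0/24 is documentation space); object names mirror the post.
SAMPLE_CONFIG = """\
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.248
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.60.3 255.255.255.0
object network obj-0.0.0.0
 host 0.0.0.0
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj_any-01
 subnet 0.0.0.0 0.0.0.0
object network obj_any-02
 subnet 0.0.0.0 0.0.0.0
!
object network obj_any
 nat (inside,outside) dynamic interface
object network obj_any-01
 nat (inside,outside) dynamic obj-0.0.0.0
object network obj_any-02
 nat (management,outside) dynamic obj-0.0.0.0
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ip-options
service-policy global_policy global
"""

NAT_RE = re.compile(r"nat \((\S+),(\S+)\) (static|dynamic) (\S+)")


def parse_objects(cfg: str) -> Dict[str, dict]:
    """Collect 'object network' blocks; a name seen twice (definition, then nat) merges."""
    objects: Dict[str, dict] = {}
    current: Optional[dict] = None
    for line in cfg.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # top-level command: start or end an object block
            m = re.match(r"object network (\S+)$", line)
            current = objects.setdefault(m.group(1), {}) if m else None
            continue
        if current is None:
            continue
        parts = line.split()
        if parts[0] == "host":
            current["address"] = ip_network(parts[1] + "/32")
        elif parts[0] == "subnet":  # ASA writes dotted masks; ipaddress accepts addr/mask
            current["address"] = ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        elif parts[0] == "nat":
            m = NAT_RE.match(line.strip())
            if m:
                current["nat"] = {"real_ifc": m.group(1), "mapped_ifc": m.group(2),
                                  "type": m.group(3), "mapped": m.group(4)}
    return objects


def find_bad_pat(objects: Dict[str, dict]) -> List[str]:
    """Flag dynamic NAT whose mapped object is 0.0.0.0; 'dynamic interface' is fine."""
    findings = []
    for name, obj in objects.items():
        nat = obj.get("nat")
        if not nat or nat["type"] != "dynamic" or nat["mapped"] == "interface":
            continue
        mapped = objects.get(nat["mapped"], {}).get("address")
        if mapped is None:
            findings.append(f"{name}: mapped object {nat['mapped']} has no address")
        elif mapped.network_address.is_unspecified:
            findings.append(f"{name}: dynamic NAT to {nat['mapped']} ({mapped}); "
                            "you cannot PAT to 0.0.0.0, use 'dynamic interface' or a real pool")
    return findings


def icmp_inspected(cfg: str) -> bool:
    """True when 'inspect icmp' is configured, so echo replies return without an outside ACL hit."""
    return any(line.strip() == "inspect icmp" for line in cfg.splitlines())


def parse_interfaces(cfg: str) -> Dict[str, IPv4Address]:
    """Map nameif -> interface IPv4 address (IPv4 assumed, as in the posted config)."""
    ifcs: Dict[str, IPv4Address] = {}
    nameif = None
    for line in cfg.splitlines():
        s = line.strip()
        if line.startswith("interface "):
            nameif = None
        elif s.startswith("nameif "):
            nameif = s.split()[1]
        elif s.startswith("ip address ") and nameif:
            ifcs[nameif] = ip_address(s.split()[2])
    return ifcs


def packet_tracer_cmd(ifcs: Dict[str, IPv4Address], ifc: str, src: str, dst: str) -> str:
    """Build an ICMP echo packet-tracer command sourced from a host behind ifc.
    The interface's own address models to-the-box traffic, not a through flow, and
    is rejected (the failure the poster saw in ASDM)."""
    src_ip = ip_address(src)
    if ifcs.get(ifc) == src_ip:
        raise ValueError(f"{src} is the {ifc} interface address; use a host behind {ifc}")
    return f"packet-tracer input {ifc} icmp {src_ip} 8 0 {ip_address(dst)}"


def audit(cfg: str) -> List[str]:
    """Run the checks this thread converged on and return the findings."""
    findings = find_bad_pat(parse_objects(cfg))
    if not icmp_inspected(cfg):
        findings.append("global_policy: 'inspect icmp' missing under class inspection_default")
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print("FINDING:", f)
    print(packet_tracer_cmd(parse_interfaces(SAMPLE_CONFIG), "inside", "192.168.60.50", "203.0.113.9"))
```

Run against the constructed excerpt, `audit` reports obj_any-01 and obj_any-02 (both map to obj-0.0.0.0) and the missing `inspect icmp`, while obj_any's `dynamic interface` passes; the generated command is the form to paste on the ASA CLI, with any real inside host in place of 192.168.60.50.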
