Cisco Support Community

Need help with ASA/VPN remote user problem

I am being introduced to the Cisco ASA/VPN device in a trial by fire and I need some help.

Scenario: A disaster recovery site that mimics the IP range of the home network.

Clients will VPN to DR, get an IP address and continue working just like they were at the office.

A VPN tunnel with no split-tunneling should take care of this since all traffic has to go to the ASA before being routed anywhere.

The Problem: I can get connected via VPN using AD authentication (user requirement), but I get no traffic flow. The ASDM monitor shows 0 bytes TX and RX for my session. I'm hoping this is something simple that I am just missing and someone can help me out.

I've included an IP-scrubbed version of the config.

Thanks! Steve

hostname ciscoasa

domain-name default.domain.invalid

enable password ************* encrypted


interface GigabitEthernet0/0

nameif outisde

security-level 0

ip address

interface GigabitEthernet0/1


no nameif

no security-level

no ip address

interface GigabitEthernet0/2


no nameif

no security-level

no ip address

Interface GigabitEthernet0/3

nameif inside

security-level 100

ip address

interface Management0/0


no nameif

no security-level

no ip address

passwd *************** encrypted

ftp mode passive

clock timezone EST -5

clock summer-time EDT recurring

access-list inside_nat0_outbound extended permit ip any

access-list outisde_cryptomap_dyn_20 extended permit ip any

access-list inbound extended permit ip any any log

access-list inbound extended permit icmp any any log

pager lines 24

logging enable

logging timestamp

logging buffer-size 1048576

logging buffered informational

mtu inside 1500

mtu outisde 1500

ip local pool AdminAccessPool mask

no failover

icmp permit any outisde

asdm image disk0:/asdm-504.bin

no asdm history enable

arp timeout 14400

nat (inside) 0 access-list inside_nat0_outbound

access-group inbound in interface outisde

route outisde 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00

timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server AdminAccessNT protocol nt

aaa-server AdminAccessNT host

timeout 5

nt-auth-domain-controller dc1

group-policy AdminAccess internal

group-policy AdminAccess attributes

wins-server value

dns-server value

default-domain value


http server enable

http inside

http outisde

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto dynamic-map outisde_dyn_map 20 match address outisde_cryptomap_dyn_20

crypto dynamic-map outisde_dyn_map 20 set transform-set ESP-3DES-SHA

crypto map outisde_map 65535 ipsec-isakmp dynamic outisde_dyn_map

crypto map outisde_map interface outisde

isakmp enable outisde

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash sha

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp policy 65535 authentication pre-share

isakmp policy 65535 encryption 3des

isakmp policy 65535 hash sha

isakmp policy 65535 group 2

isakmp policy 65535 lifetime 86400

tunnel-group AdminAccess type ipsec-ra

tunnel-group AdminAccess general-attributes

address-pool AdminAccessPool

authentication-server-group AdminAccessNT

default-group-policy AdminAccess

tunnel-group AdminAccess ipsec-attributes

pre-shared-key *

telnet timeout 5

ssh timeout 5

console timeout 0
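One offline check for a remote-access setup like the one posted is to confirm that every pool, ACL, AAA server group, group policy, transform set, dynamic map and interface name referenced by the tunnel-group, NAT and crypto lines is actually defined in the config. This is an added Python example, not part of the original post or any Cisco tool; the sample config is constructed, and its addresses and the names `dyn` and `vpn_acl` are assumptions.

```python
import re

# Constructed sample in the style of the posted config; "vpn_acl" is left undefined.
SAMPLE = """\
interface GigabitEthernet0/0
 nameif outisde
ip local pool AdminAccessPool 192.0.2.10-192.0.2.50 mask 255.255.255.0
aaa-server AdminAccessNT protocol nt
group-policy AdminAccess internal
crypto dynamic-map dyn 20 match address vpn_acl
crypto map outisde_map 65535 ipsec-isakmp dynamic dyn
crypto map outisde_map interface outisde
tunnel-group AdminAccess general-attributes
 address-pool AdminAccessPool
 authentication-server-group AdminAccessNT
 default-group-policy AdminAccess
"""

# object kind -> (pattern that defines a name, pattern that references one)
KINDS = {
    "nameif": (r"^\s*nameif (\S+)",
               r"^(?:crypto map \S+ interface|isakmp enable) (\S+)"),
    "acl": (r"^access-list (\S+) ",
            r"(?:^nat \(\S+\) 0 access-list|match address|^access-group) (\S+)"),
    "pool": (r"^ip local pool (\S+)", r"^\s*address-pool (\S+)"),
    "aaa-server": (r"^aaa-server (\S+) protocol",
                   r"^\s*authentication-server-group (\S+)"),
    "group-policy": (r"^group-policy (\S+) (?:internal|external)",
                     r"^\s*default-group-policy (\S+)"),
    "transform-set": (r"^crypto ipsec transform-set (\S+)",
                      r" set transform-set (\S+)"),
    "dynamic-map": (r"^crypto dynamic-map (\S+) ", r" ipsec-isakmp dynamic (\S+)"),
}

def dangling_refs(config):
    """Return (line_no, kind, name) for each reference to an undefined object."""
    lines = config.splitlines()
    findings = []
    for kind, (def_pat, ref_pat) in KINDS.items():
        defined = {m.group(1) for ln in lines if (m := re.search(def_pat, ln))}
        for n, line in enumerate(lines, 1):
            m = re.search(ref_pat, line)
            if m and m.group(1) not in defined:
                findings.append((n, kind, m.group(1)))
    return sorted(findings)

if __name__ == "__main__":
    for n, kind, name in dangling_refs(SAMPLE):
        print(f"line {n}: {kind} '{name}' is referenced but never defined")
```

Names are compared literally, so a misspelled but consistently used nameif such as `outisde` is not flagged.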
