Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Vpn Problem with ASA 7.04

I have a problem with vpn client access and local ip pool. In Pix version 6.3x when i created ip local pool an object was also created under Hosts/Network and there was no problem to give this object (ip pool) access outside_access_in , but

in my ASA 7.04 there are no object created under Hosts/Networks. I have tried to use a filter (Filter_Av_10) under "Group-Policy" but i can´t get any traffic trough (see configuration below). It´s only working when i give the network (ip pool) access outside_access_in (in Security Policy), is this the right way to do this?.

Could someone please explain this to me.

access-list Inside_access_in extended permit ip any any

access-list Outside_access_in extended permit icmp any any echo-reply

access-list Outside_access_in extended permit ip

access-list Filter_Av_10 extended permit ip

access-list easyv_av_butiker_splitTunnelAcl standard permit

access-list Outside_cryptomap_dyn_20 extended permit ip

global (Outside) 10 interface

global (DMZ) 10 interface

nat (DMZ) 10

nat (Inside) 0 access-list Inside_nat0_outbound

nat (Inside) 10

access-group Outside_access_in in interface Outside

access-group DMZ_access_in in interface DMZ

access-group Inside_access_in in interface Inside

access-group management_access_in in interface management

group-policy easyv_av_butiker internal

group-policy easyv_av_butiker attributes

vpn-filter value Filter_Av_10

split-tunnel-policy tunnelspecified

split-tunnel-network-list value easyv_av_butiker_splitTunnelAcl


username xxx password xxx encrypted privilege 15

username xxx password xxx encrypted privilege 0

username xxx attributes

vpn-group-policy easyv_av_butiker


crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac

crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac

crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac

crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20

crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-MD5

crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map

crypto map Outside_map interface Outside

isakmp enable Outside

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

tunnel-group easyv_av_butiker type ipsec-ra

tunnel-group easyv_av_butiker general-attributes

address-pool pool_10

default-group-policy easyv_av_butiker

tunnel-group easyv_av_butiker ipsec-attributes

pre-shared-key *



Re: Vpn Problem with ASA 7.04

To define the VPN Clients' IP address pool, perform the following tasks

Define the VPN Client's Local IP Address Pool

Reference the Local IP Address Pool to Reference IKE

Specify Gateway-initiated IKE Mode Configuration

The configuration given in the following url will give an idea to confiure VPN client.

CreatePlease to create content