I have got an issue connecting a VPN client to the ASA. Point-to-point VPN with other sites is working fine. Please see below for the current scenario.
Current Remote VPN connectivity and settings
ASA 5552x (IOS v8.6, ASDM v6.6) communicates with internal Radius server (Windows 2008 + NPS) via standard Radius port
The internal Radius server currently links to the AD server (Windows 2008) for the AD user database
IP DHCP is assigned by the ASA
Remote user logs in using Windows XP L2TP/IPsec with a pre-shared key and his domain login and password
Current situation and problems:
The user can log in with their valid AD account. The remote laptop receives a correct IP address from the ASA IP DHCP pool (192.168.210.231-192.168.210.250). However, the remote laptop CANNOT communicate with other internal networks (i.e., PING)
The remote laptop CAN PING the VPN interface (outside) of the ASA.
There is a VPN remote connection established (IKEv1) when logging into the ASA (see below)
Note: The ASA configuration code is attached (most of the configuration was done with ASDM)
Having a look at your config, it seems you have missed reverse route injection under the dynamic crypto map.
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP set reverse-route
The ASA must know how to reach back to the VPN client. By using reverse route injection, the VPN client injects a static route on the ASA to reach itself. Also, if you configure any routing protocol, then this static route must be redistributed so that internal clients know how to reach the VPN client. Otherwise, a default route pointing towards the ASA internal interface also works on internal hosts.
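A way to check a saved running-config for the gap described in the answer above, as an added example (not part of the original thread and not the poster's attached configuration): it flags dynamic crypto map entries attached to a crypto map that lack `set reverse-route`, and routing processes that do not redistribute static routes. The sample config, the BRANCH_DYN map, the pool name and the sequence numbers are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ASA running-config syntax; not the poster's attached config.
SAMPLE_CONFIG = """\
ip local pool VPN_POOL 192.168.210.231-192.168.210.250 mask 255.255.255.0
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map BRANCH_DYN 10 set ikev1 transform-set ESP-AES-SHA
crypto dynamic-map BRANCH_DYN 10 set reverse-route
crypto map outside_map 65000 ipsec-isakmp dynamic BRANCH_DYN
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
router ospf 1
 network 10.10.0.0 255.255.0.0 area 0
"""

DYN_SET = re.compile(r"^crypto dynamic-map (\S+) (\d+) set (.+)$")
DYN_REF = re.compile(r"^crypto map \S+ \d+ ipsec-isakmp dynamic (\S+)$")

def audit_reverse_route(config):
    """Return dynamic crypto map entries lacking reverse-route and routing
    processes that do not redistribute static routes."""
    options = defaultdict(set)   # (map name, sequence) -> "set" options seen
    referenced = set()           # dynamic maps attached to a crypto map
    redistributes = {}           # routing process -> redistributes static?
    process = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            process = None       # any top-level line closes a router block
        if m := DYN_SET.match(line):
            options[(m[1], int(m[2]))].add(m[3])
        elif m := DYN_REF.match(line):
            referenced.add(m[1])
        elif line.startswith("router "):
            process = line
            redistributes[process] = False
        elif process and line.strip().startswith("redistribute static"):
            redistributes[process] = True
    missing = sorted(key for key, opts in options.items()
                     if key[0] in referenced and "reverse-route" not in opts)
    unrouted = sorted(p for p, ok in redistributes.items() if not ok)
    return {"missing_reverse_route": missing, "no_static_redistribution": unrouted}

if __name__ == "__main__":
    print(audit_reverse_route(SAMPLE_CONFIG))
```

If no routing protocol is configured, the second list is empty and the default-route case from the answer applies instead.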