Question: VPN issue with ASA firewall

Hi, I have configured a VPN on a Cisco ASA firewall. My client software (Cisco VPN Client) connects and group authentication is done, but when I try with the username it disconnects.


--------


interface GigabitEthernet0/0
 speed 1000
 duplex full
 nameif perimeter
 security-level 0
 ip address 74.201.55.241 255.255.255.0
!
interface GigabitEthernet0/1
 nameif dmz
 security-level 100
 ip address 172.20.2.241 255.255.255.0
!
interface GigabitEthernet0/2
 shutdown
 no nameif    
 no security-level
 no ip address
!
interface GigabitEthernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
boot system disk0:/asa804-k8.bin
ftp mode passive
clock timezone CDT -6
dns domain-lookup dmz
dns server-group DefaultDNS
 name-server 172.16.1.10
 name-server 172.16.1.9

ip local pool vpnpool 172.18.2.5-172.18.2.50
no failover

global (perimeter) 1 74.201.55.4
nat (dmz) 0 access-list inside_outbound_nat0_acl
nat (dmz) 1 172.16.0.0 255.240.0.0
static (dmz,perimeter) 74.201.55.5 172.20.2.60 netmask 255.255.255.255
static (dmz,perimeter) 74.201.55.6 172.20.2.61 netmask 255.255.255.255
static (dmz,perimeter) 74.201.55.7 172.20.2.62 netmask 255.255.255.255
static (dmz,perimeter) 74.201.55.8 172.20.2.79 netmask 255.255.255.255
static (dmz,perimeter) 74.201.55.9 172.18.2.100 netmask 255.255.255.255
access-group perimeter in interface perimeter
route perimeter 0.0.0.0 0.0.0.0 74.201.55.200 1
route dmz 10.0.0.0 255.0.0.0 172.20.2.1 1
route dmz 146.82.131.192 255.255.255.240 172.20.2.1 1
route dmz 157.209.2.50 255.255.255.255 172.20.2.1 1
route dmz 157.209.4.29 255.255.255.255 172.20.2.1 1
route dmz 172.16.0.0 255.240.0.0 172.20.2.1 1
route dmz 192.168.0.0 255.255.0.0 172.20.2.1 1
route dmz 208.50.123.0 255.255.255.0 172.20.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 172.16.0.0 255.255.0.0 dmz
http 172.18.0.0 255.255.0.0 dmz
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server community k33p0ut
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 10 set security-association lifetime kilobytes 4608000
crypto map outside_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 20 set security-association lifetime seconds 28800
crypto map outside_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface perimeter
crypto isakmp identity hostname
crypto isakmp enable perimeter
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
no crypto isakmp nat-traversal
telnet 172.16.0.0 255.240.0.0 dmz
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy SecureMeGrp internal
group-policy SecureMeGrp attributes
 default-domain value cgx.com
username admin password QlHp4L64rJSntxkZ encrypted privilege 15
username ciscouser password jmINXNH6p1BxUppp encrypted
tunnel-group 208.48.17.241 type ipsec-l2l
tunnel-group 208.48.17.241 ipsec-attributes
 pre-shared-key *
tunnel-group ciscovpn type remote-access
tunnel-group ciscovpn general-attributes
 address-pool vpnpool
tunnel-group ciscovpn ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!

Answer: VPN issue with ASA firewall

Your split tunneling is not working properly.

Did you keep these lines?
access-list SPLIT standard permit 172.16.0.0 255.255.0.0
access-list SPLIT standard permit 172.18.0.0 255.255.0.0
access-list SPLIT standard permit 172.20.0.0 255.255.0.0

Make sure this entry is still there after changing the SPLIT ACL:
group-policy SecureMeGrp attributes
 split-tunnel-network-list value SPLIT  <===
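
The check the answer describes can be run against a saved configuration. This is an added example, not part of the original answer or any Cisco tool: it reports, for each group-policy attributes block, whether a split-tunnel-network-list entry is present and whether the ACL it names is still defined. The function name audit_split_tunnel and the two sample strings are assumptions built from the config lines shown on this page.

```python
import re

# Excerpt of the group-policy as posted in the question (no split-tunnel entry).
POSTED = """\
group-policy SecureMeGrp internal
group-policy SecureMeGrp attributes
 default-domain value cgx.com
"""

# Constructed: the same policy with the ACL and entry the answer asks for.
FIXED = """\
access-list SPLIT standard permit 172.16.0.0 255.255.0.0
access-list SPLIT standard permit 172.18.0.0 255.255.0.0
access-list SPLIT standard permit 172.20.0.0 255.255.0.0
group-policy SecureMeGrp internal
group-policy SecureMeGrp attributes
 default-domain value cgx.com
 split-tunnel-network-list value SPLIT
"""

def audit_split_tunnel(config):
    """Return {group-policy: (status, networks)} for every attributes block."""
    acls, policies, current = {}, {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if not raw[0].isspace():
            current = None  # any top-level command closes the attributes block
            m = re.match(r"access-list (\S+) standard permit (\S+ \S+)\s*$", raw)
            if m:
                acls.setdefault(m.group(1), []).append(m.group(2))
            m = re.match(r"group-policy (\S+) attributes\s*$", raw)
            if m:
                current = m.group(1)
                policies.setdefault(current, None)
        elif current:
            m = re.match(r"\s+split-tunnel-network-list value (\S+)", raw)
            if m:
                policies[current] = m.group(1)
    report = {}
    for name, acl in policies.items():
        if acl is None:
            report[name] = ("missing", [])        # no split-tunnel list at all
        elif acl not in acls:
            report[name] = ("undefined-acl", [])  # entry points at a deleted ACL
        else:
            report[name] = ("ok", acls[acl])
    return report

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("fixed", FIXED)):
        print(label, audit_split_tunnel(cfg))
```

The "undefined-acl" status covers the case the answer warns about, where the SPLIT ACL is changed or removed and the group-policy entry no longer resolves.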

