Question : Cisco VPN client connect issue

I am using an ASA 5505 with the IPSEC VPN client. The Cisco client version is vpnclient-win-msi-5.0.04.0300-k9.
I have the same clients installed on my XP and Vista machines using the same VPN settings. They are both on the same network. On the XP computer I can connect to the VPN and access the internal subnet on the VPN side, but can't access the internet locally. The Vista computer connects as well, but can't access the network on the VPN side, but can access the internet.
Any idea what is going on?
Code Snippet:
!
access-list WSIVPN_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.16.0 255.255.240.0
access-list wsi_splitTunnelAcl standard permit any
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool WPI 192.168.20.10-192.168.29.30 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm location 10.10.103.0 255.255.255.0 inside
asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 160.7.252.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 10.10.103.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal  25
telnet 10.10.103.0 255.255.255.0 inside
telnet timeout 5
ssh 10.10.103.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
 
webvpn
 enable outside
 svc image disk0:/sslclient-win-1.1.0.154.pkg 1
 svc enable
group-policy WSIVPN internal
group-policy WSIVPN attributes
 dns-server value 10.10.103.5 160.7.240.4
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WSIVPN_splitTunnelAcl
 default-domain value corp.wsi
group-policy wsi internal
group-policy wsi attributes
 dns-server value 10.10.103.5
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value wsi_splitTunnelAcl
username rrtech01 password hKfNNQ5i1DtKy6pT encrypted privilege 15
username agent1 password pDU.hl3m.AxABQIa encrypted privilege 0
username agent1 attributes
 vpn-group-policy wsi
username agent2 password RYr3rDOYdEUU9wVx encrypted privilege 0
username agent2 attributes
 vpn-group-policy wsi
username matt password fUbxYy2FzS7.aNRE encrypted privilege 15
tunnel-group WSIVPN type ipsec-ra
tunnel-group WSIVPN general-attributes
 address-pool WPI
 default-group-policy WSIVPN
tunnel-group WSIVPN ipsec-attributes
 pre-shared-key *
tunnel-group wsi type ipsec-ra
tunnel-group wsi general-attributes
 address-pool WPI
 default-group-policy wsi
tunnel-group wsi ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:1d67289c74db3c8f3c719b911a838db0
ciscoasa(config)#

Answer : Cisco VPN client connect issue

You are using split tunnel with this access list:
access-list wsi_splitTunnelAcl standard permit any

With split tunnel, you usually want to specify only the subnets on the far end of the VPN so that only the VPN traffic is captured, allowing internet traffic out via the client's local LAN.

I would say to change the split tunnel ACE away from 'permit any' to 'permit 10.10.0.0 255.255.0.0' (or whatever the internal LAN happens to be).

See if that helps you out any.
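
An added example, not part of the original answer: a Python check that reads an ASA configuration and reports every group policy whose `tunnelspecified` split-tunnel list is a standard ACL containing `permit any`, the condition the answer points at. The function name and the sample input (the split-tunnel lines from the configuration in the question) are constructed for illustration.

```python
import re

# Constructed sample: the split-tunnel lines from the configuration in the question.
SAMPLE_CONFIG = """\
access-list WSIVPN_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.16.0 255.255.240.0
access-list wsi_splitTunnelAcl standard permit any
group-policy WSIVPN attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value WSIVPN_splitTunnelAcl
group-policy wsi attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value wsi_splitTunnelAcl
"""

def find_permit_any_split_tunnels(config):
    """Return sorted (group_policy, acl) pairs whose split-tunnel ACL permits any."""
    acls = {}        # ACL name -> list of ACE bodies, e.g. "permit any"
    policies = {}    # group-policy name -> {"mode": ..., "acl": ...}
    current = None   # attributes dict of the group-policy block being read
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            current = None  # any top-level line closes the previous sub-mode
            m = re.match(r"access-list (\S+) (?:standard|extended) (.+)", line)
            if m:
                acls.setdefault(m.group(1), []).append(m.group(2))
            m = re.match(r"group-policy (\S+) attributes$", line)
            if m:
                current = policies.setdefault(m.group(1), {})
            continue
        if current is None:
            continue
        m = re.match(r"split-tunnel-policy (\S+)$", line.strip())
        if m:
            current["mode"] = m.group(1)
        m = re.match(r"split-tunnel-network-list value (\S+)$", line.strip())
        if m:
            current["acl"] = m.group(1)
    findings = []
    for name, attrs in policies.items():
        if attrs.get("mode") != "tunnelspecified":
            continue
        aces = acls.get(attrs.get("acl"), [])
        # A standard ACE "permit any" matches every destination address.
        if any(ace.split()[:2] == ["permit", "any"] for ace in aces):
            findings.append((name, attrs["acl"]))
    return sorted(findings)

if __name__ == "__main__":
    for policy, acl in find_permit_any_split_tunnels(SAMPLE_CONFIG):
        print(f"group-policy {policy}: split-tunnel ACL {acl} permits any")
```

Once the ACE is changed to a specific subnet as the answer suggests, the same check returns no findings.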
