Cisco ASA 5505 SSL vpn configuration

I am trying to config a new ASA5505 the base license for Anyconnect SSL vpn and finally  I am able to establish connection but i can't ping ASA ip or any inside host. I did a similar configuration on a different model and worked  without any issue.
I have attached the  config  the version 8.2(1) on ASA.  Aso  tried the same config on another similar model 5505 base license same sw ver same error.

Thanks
test-ssl-config.txt
Manojc3Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John MeggersNetwork ArchitectCommented:
You won't be able to ping the ASA inside IP, but you should be able to ping inside devices.  Your config looks right to me, and if the device is a 5505, my guess is you don't have another router inside, so devices probably have a default gateway pointing to the ASA.  (That's always a potential issue, whether the recipient of the pings knows where to send its response.)  Are you sure the device you're pinging on the inside will accept a ping?  Is there a personal firewall in operation that would block pings?  Can you ping that device from the ASA itself?

Manojc3Author Commented:
Yes the ping should work from vpn to inside interface and also as you mentioned for inside host.  I tried this on a ASA5510 and it works. The one I am testing on ASA5505 I connected one PC in inside network (IP 192.168.3.10 gw as ASA inside interface ip 192.168.3.1). From the inside pc i can ping ASA's internal ip 192.168.3.1. When i try to connect from PC on outside network i am able to establish Anyconnect but cannot ping the inside pc 192.168.3.10 or other inside host. I can see any connect client get the ip 172.16.0.1 and i am able to ping that ip only. Also another strange thing i noticed that when I  assign the vpnpool1 address to “tunnel-group AnyCnt general-attributes  “  I am not able to establish tunnel. It gives a message no ip address assign. When I remove the tunnel- group ip and assign it to “group-policy SSL_Grp attributes“it is able to establish tunnel.
Istvan KalmarHead of IT Security Division Commented:
HI,

At the first look the config seems good, did you reloaded the ASA?
This line is not need:
access-list ssl_split_tunnel standard permit 172.16.0.0 255.255.0.0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Manojc3Author Commented:
I reloaded  and it seem to be working fine.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.