
Cisco Client VPN Setup problem (Can connect, but no traffic)


PcClone (IS-IT--Management, US), Dec 19, 2003
I was looking for a bit of help with our VPN config. I am able to connect just fine, but I do not get any traffic back. I searched the forums and tried some of the different things that were suggested for others to no avail.

The pix shows the traffic being decrypted and encrypted back, but the client shows a 0 byte received count. The config is below, please let me know what you guys think.

TIA!

: Saved
:
PIX Version 6.3(4)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
interface ethernet3 auto
interface ethernet4 auto shutdown
interface ethernet5 auto shutdown
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 softdmz security90
nameif ethernet3 harddmz security30
nameif ethernet4 intf4 security25
nameif ethernet5 intf5 security20
enable password <removed> encrypted
passwd <removed> encrypted
hostname firewall
domain-name ourdomain.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list compiled
access-list outside permit icmp any any
access-list outside permit tcp any host 00.22.333.3 eq www
access-list outside permit tcp any host 00.22.333.3 eq 3389
access-list outside permit tcp any host 00.22.333.2 eq smtp
access-list outside permit tcp any host 00.22.333.2 eq ssh
access-list outside permit tcp any host 00.22.333.3 eq https
access-list outside permit tcp any host 00.22.333.100 eq ssh
access-list outside permit tcp any host 00.22.333.100 eq ftp
access-list outside permit tcp any host 00.22.333.175 eq www
access-list outside permit tcp any host 00.22.333.175 eq https
access-list outside permit tcp any host 00.22.333.175 eq smtp
access-list outside permit tcp any host 00.22.333.176 eq www
access-list outside permit tcp any host 00.22.333.176 eq https
access-list outside permit tcp any host 00.22.333.176 eq smtp
access-list outside permit tcp any host 00.22.333.177 eq www
access-list outside permit tcp any host 00.22.333.177 eq https
access-list outside permit tcp any host 00.22.333.177 eq smtp
access-list outside permit tcp any host 00.22.333.178 eq www
access-list outside permit tcp any host 00.22.333.178 eq https
access-list outside permit tcp any host 00.22.333.178 eq smtp
access-list outside permit tcp any host 00.22.333.179 eq www
access-list outside permit tcp any host 00.22.333.179 eq https
access-list outside permit tcp any host 00.22.333.179 eq smtp
access-list outside permit tcp any host 00.22.333.180 eq www
access-list outside permit tcp any host 00.22.333.180 eq https
access-list outside permit tcp any host 00.22.333.180 eq smtp
access-list outside permit tcp any host 00.22.333.181 eq www
access-list outside permit tcp any host 00.22.333.181 eq https
access-list outside permit tcp any host 00.22.333.181 eq smtp
access-list outside permit tcp any host 00.22.333.182 eq www
access-list outside permit tcp any host 00.22.333.182 eq https
access-list outside permit tcp any host 00.22.333.182 eq smtp
access-list outside permit tcp any host 00.22.333.183 eq www
access-list outside permit tcp any host 00.22.333.183 eq https
access-list outside permit tcp any host 00.22.333.183 eq smtp
access-list outside permit tcp any host 00.22.333.184 eq www
access-list outside permit tcp any host 00.22.333.184 eq https
access-list outside permit tcp any host 00.22.333.184 eq smtp
access-list outside permit tcp any host 00.22.333.185 eq www
access-list outside permit tcp any host 00.22.333.185 eq https
access-list outside permit tcp any host 00.22.333.185 eq smtp
access-list outside permit tcp any host 00.22.333.186 eq www
access-list outside permit tcp any host 00.22.333.186 eq https
access-list outside permit tcp any host 00.22.333.186 eq smtp
access-list outside permit tcp any host 00.22.333.187 eq www
access-list outside permit tcp any host 00.22.333.187 eq https
access-list outside permit tcp any host 00.22.333.187 eq smtp
access-list outside permit tcp any host 00.22.333.188 eq www
access-list outside permit tcp any host 00.22.333.188 eq https
access-list outside permit tcp any host 00.22.333.188 eq smtp
access-list outside permit tcp any host 00.22.333.189 eq www
access-list outside permit tcp any host 00.22.333.189 eq https
access-list outside permit tcp any host 00.22.333.189 eq smtp
access-list outside permit tcp any host 00.22.333.190 eq www
access-list outside permit tcp any host 00.22.333.190 eq https
access-list outside permit tcp any host 00.22.333.190 eq smtp
access-list outside permit tcp any host 00.22.333.191 eq www
access-list outside permit tcp any host 00.22.333.191 eq https
access-list outside permit tcp any host 00.22.333.191 eq smtp
access-list outside permit tcp any host 00.22.333.192 eq www
access-list outside permit tcp any host 00.22.333.192 eq https
access-list outside permit tcp any host 00.22.333.192 eq smtp
access-list outside permit tcp any host 00.22.333.193 eq www
access-list outside permit tcp any host 00.22.333.193 eq https
access-list outside permit tcp any host 00.22.333.193 eq smtp
access-list outside permit tcp any host 00.22.333.194 eq www
access-list outside permit tcp any host 00.22.333.194 eq https
access-list outside permit tcp any host 00.22.333.194 eq smtp
access-list outside permit tcp any host 00.22.333.195 eq www
access-list outside permit tcp any host 00.22.333.195 eq https
access-list outside permit tcp any host 00.22.333.195 eq smtp
access-list outside permit tcp any host 00.22.333.196 eq www
access-list outside permit tcp any host 00.22.333.196 eq https
access-list outside permit tcp any host 00.22.333.196 eq smtp
access-list outside permit tcp any host 00.22.333.197 eq www
access-list outside permit tcp any host 00.22.333.197 eq https
access-list outside permit tcp any host 00.22.333.197 eq smtp
access-list outside permit tcp any host 00.22.333.198 eq www
access-list outside permit tcp any host 00.22.333.198 eq https
access-list outside permit tcp any host 00.22.333.198 eq smtp
access-list outside permit tcp any host 00.22.333.199 eq www
access-list outside permit tcp any host 00.22.333.199 eq https
access-list outside permit tcp any host 00.22.333.199 eq smtp
access-list outside permit tcp any host 00.22.333.200 eq www
access-list outside permit tcp any host 00.22.333.200 eq https
access-list outside permit tcp any host 00.22.333.200 eq smtp
access-list outside permit icmp any any unreachable
access-list from-softdmz-to-inside permit ip host 192.168.16.3 any
access-list from-softdmz-to-inside permit icmp host 192.168.16.2 any
access-list from-softdmz-to-inside permit tcp host 192.168.16.2 any eq domain
access-list from-softdmz-to-inside permit tcp host 192.168.16.2 any eq ssh
access-list from-softdmz-to-inside permit udp host 192.168.16.2 any eq domain
access-list from-softdmz-to-inside permit ip host 192.168.16.100 any
access-list from-softdmz-to-inside permit tcp host 192.168.16.2 any eq smtp
access-list from-harddmz-interface permit icmp any any
access-list from-harddmz-interface permit tcp any any eq smtp
access-list from-harddmz-interface permit tcp any any eq www
access-list from-harddmz-interface permit tcp any any eq https
access-list from-harddmz-interface permit udp any any eq domain
access-list nonat permit ip 192.168.0.0 255.255.0.0 10.10.10.0 255.255.255.0
access-list nonat permit ip 192.168.0.0 255.255.240.0 192.168.16.0 255.255.255.0
access-list vpn_traffic permit ip 192.168.1.0 255.255.255.0 192.168.13.0 255.255.255.0
pager lines 24
logging console debugging
logging monitor debugging
mtu outside 1500
mtu inside 1500
mtu softdmz 1500
mtu harddmz 1500
mtu intf4 1500
mtu intf5 1500
ip address outside 00.22.333.250 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip address softdmz 192.168.16.254 255.255.255.0
ip address harddmz 192.168.17.254 255.255.255.0
no ip address intf4
no ip address intf5
ip audit info action alarm
ip audit attack action alarm
ip local pool BLIS_VPN_POOL 10.10.11.1-10.10.11.254 mask 255.255.255.0
ip local pool CORPORATE_VPN_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address softdmz
no failover ip address harddmz
no failover ip address intf4
no failover ip address intf5
pdm location 192.168.1.0 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 10 00.22.333.51-00.22.333.99 netmask 255.255.255.0
global (outside) 10 00.22.333.101-00.22.333.150 netmask 255.255.255.0
global (outside) 10 00.22.333.50 netmask 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (softdmz,outside) 00.22.333.2 192.168.16.2 netmask 255.255.255.255 0 0
static (softdmz,outside) 00.22.333.3 192.168.16.3 netmask 255.255.255.255 0 0
static (softdmz,outside) 00.22.333.100 192.168.16.100 netmask 255.255.255.255 0 0
static (softdmz,harddmz) 192.168.16.0 192.168.16.0 netmask 255.255.255.0 0 0
< statics for harddmz to outside removed >
static (inside,harddmz) 192.168.0.0 192.168.0.0 netmask 255.255.240.0 0 0
access-group outside in interface outside
access-group from-softdmz-to-inside in interface softdmz
access-group from-harddmz-interface in interface harddmz
route outside 0.0.0.0 0.0.0.0 00.22.333.254 1
route inside 192.168.2.0 255.255.255.0 192.168.1.250 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server RADIUS (inside) host 192.168.1.2 BIOsafe8600 timeout 10
aaa-server LOCAL protocol local
http server enable
http 209.245.22.19 255.255.255.255 outside
http 192.168.0.0 255.255.240.0 inside
snmp-server host inside 192.168.1.13
snmp-server location Somewhere, IL
snmp-server contact Me
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set BIOset esp-3des esp-md5-hmac
crypto dynamic-map BIOdyn 10 set transform-set BIOset
crypto map BIOmap 10 ipsec-isakmp dynamic BIOdyn
crypto map BIOmap client authentication RADIUS
crypto map BIOmap interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup corporate address-pool CORPORATE_VPN_POOL
vpngroup corporate dns-server 192.168.1.2 192.168.1.3
vpngroup corporate wins-server 192.168.1.2 192.168.1.3
vpngroup corporate default-domain ourdomain.com
vpngroup corporate idle-time 1800
vpngroup corporate password ********
telnet 192.168.0.0 255.255.240.0 inside
telnet 192.168.16.0 255.255.255.0 softdmz
telnet timeout 10
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
terminal width 80
Cryptochecksum:a2dd8008564c75fc6ffbff8314a49722
: end
 
Also, when I do an ICMP trace it shows the src and dst interface as the inside interface if that helps anyone.

PC
 
Also, I had a
access-list nonat permit ip 192.168.0.0 255.255.240.0 10.10.0.0 255.255.0.0

in the config as well but removed it for testing of other stuff.
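A check worth running against a config like the one posted above is whether every address in each `ip local pool` is actually exempt from NAT by the `nat (inside) 0 access-list nonat` rule: if the pool is not covered, return traffic from inside hosts to the VPN client is translated through the `global (outside)` pool and the client sees nothing, even though the PIX still reports encrypts and decrypts. The script below is an added example, not something from the thread or from Cisco; it parses only the relevant lines of the posted config (the two `nonat` entries, the two pools, the inside address and the `nat 0` statement, embedded here as an excerpt) and then re-runs the check with the `10.10.0.0/16` exemption the poster says was removed. It assumes that the inside interface network is the source of the return traffic that matters (hosts behind the 192.168.2.0 route are not modelled), and that ACEs use the `network mask` form rather than `host`.

```python
import ipaddress
import re

# Excerpt of the PIX 6.3(4) config posted in the thread: only the lines this check reads.
PIX_CONFIG = """\
access-list nonat permit ip 192.168.0.0 255.255.0.0 10.10.10.0 255.255.255.0
access-list nonat permit ip 192.168.0.0 255.255.240.0 192.168.16.0 255.255.255.0
ip address inside 192.168.1.254 255.255.255.0
ip local pool BLIS_VPN_POOL 10.10.11.1-10.10.11.254 mask 255.255.255.0
ip local pool CORPORATE_VPN_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
nat (inside) 0 access-list nonat
"""

# The same excerpt plus the nonat entry the poster says was removed for testing.
WITH_REMOVED_LINE = PIX_CONFIG + (
    "access-list nonat permit ip 192.168.0.0 255.255.240.0 10.10.0.0 255.255.0.0\n"
)

ACL_RE = re.compile(r"^access-list (\S+) permit ip (\S+) (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+) mask (\S+)$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
IFADDR_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")


def parse(config):
    """Pull ACL entries, address pools, nat-0 bindings and interface networks out of the text."""
    acls, pools, nat0, ifaces = {}, {}, {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        try:
            if m := ACL_RE.match(line):
                name, s, sm, d, dm = m.groups()
                acls.setdefault(name, []).append(
                    (ipaddress.ip_network(f"{s}/{sm}", strict=False),
                     ipaddress.ip_network(f"{d}/{dm}", strict=False))
                )
            elif m := POOL_RE.match(line):
                name, first, last, _mask = m.groups()
                pools[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
            elif m := NAT0_RE.match(line):
                nat0[m.group(1)] = m.group(2)
            elif m := IFADDR_RE.match(line):
                iface, ip, mask = m.groups()
                ifaces[iface] = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        except ValueError:
            # Sanitised addresses such as the thread's 00.22.333.x do not parse; skip them.
            continue
    return acls, pools, nat0, ifaces


def uncovered_pool_addresses(config, interface="inside"):
    """For each pool, count addresses that no nat-0 ACE exempts from `interface`.

    Assumption: an address is exempt when some ACE's source covers the interface's own
    network and its destination contains the address. Any address left over will be
    translated by the ordinary nat/global rules, so the client never sees the reply."""
    acls, pools, nat0, ifaces = parse(config)
    aces = acls.get(nat0.get(interface, ""), [])
    inside_net = ifaces[interface]
    result = {}
    for name, (first, last) in pools.items():
        missing = 0
        addr = first
        while addr <= last:
            if not any(inside_net.subnet_of(src) and addr in dst for src, dst in aces):
                missing += 1
            addr += 1
        result[name] = missing
    return result


if __name__ == "__main__":
    for label, cfg in (("as posted", PIX_CONFIG), ("with removed nonat line", WITH_REMOVED_LINE)):
        print(label)
        for pool, missing in uncovered_pool_addresses(cfg).items():
            print(f"  {pool}: {missing} address(es) not exempt from NAT")
```

On the excerpt as posted, CORPORATE_VPN_POOL is fully covered by the first `nonat` entry while all 254 addresses of BLIS_VPN_POOL are not; with the removed `10.10.0.0/16` entry back in place both pools are exempt. The check says nothing about the routing of the pool behind the PIX, which is the next thing to verify on the inside router.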

 