asa 5505 vpn l2tp

Virtual private networks and the like

Moderator: Federico.Lagni

daysleeper
Network Emperor
Posts: 347
Joined: Thu 20 Oct 2005, 12:47 pm
Location: Gioia del Colle (BA)

Hello everyone,
I'm trying to configure an L2TP VPN so I can use the built-in Microsoft client on the PCs with a pre-shared key, but it isn't working: I can get the clients to connect, but once connected they can't reach the LAN. I checked on the clients and basically saw that the route to the internal LAN is missing; if I add it by hand with a route add everything works... how can I get that route added automatically when the client connects?
The config is the following:


hostname SintesiAsa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.14 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 151.99.125.1
name-server 151.99.0.100
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list incoming extended permit icmp any any
access-list inside_access_out extended permit udp any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit tcp any any
access-list inside_nat0_outbound extended permit ip any 10.0.0.0 255.255.255.0
access-list inside_access_in extended permit udp any any
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit tcp any any
access-list outside_access_in extended permit icmp any any
access-list vpn_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
pager lines 24
logging enable
logging list all level informational
logging asdm informational
logging flash-bufferwrap
mtu inside 1500
mtu outside 1500
ip local pool clientVPNpool 10.0.0.1-10.0.0.100 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group inside_access_in in interface inside
access-group inside_access_out out interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 yyy.yyy.yyy.yyy 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set l2tp-transform esp-3des esp-sha-hmac
crypto ipsec transform-set l2tp-transform mode transport
crypto ipsec transform-set vpn-transform esp-aes-256 esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_MD5
crypto dynamic-map dyn-map 10 set transform-set l2tp-transform vpn-transform
crypto dynamic-map dyn-map 10 set reverse-route
crypto map outside_map 20 ipsec-isakmp dynamic outside_dyn_map
crypto map vpn-map 10 ipsec-isakmp dynamic dyn-map
crypto map vpn-map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto isakmp policy 15
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet timeout 5
ssh 192.168.0.0 255.255.255.0 inside
ssh timeout 20
console timeout 0
l2tp tunnel hello 100
dhcpd auto_config outside
!

group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 151.99.125.1
vpn-tunnel-protocol IPSec l2tp-ipsec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username provola password 5qrbkVgiBOq7FsDfoTlEkg== nt-encrypted
tunnel-group DefaultRAGroup general-attributes
address-pool clientVPNpool
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
prompt hostname context

end
Keep at it and the onions turn into garlic!!!
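Editor's added example, not part of the original post. The behaviour behind the question is that the ASA only pushes split-tunnel attributes (the vpn_splitTunnelAcl list above) to clients that do IKE mode-config; the native Windows L2TP/IPsec client does not, so with "Use default gateway on remote network" switched off it only learns the pool subnet (10.0.0.0/24) and never gets a route to 192.168.0.0/24. On Windows 8.1 and later the clean fix is to bind the route to the connection profile so RasMan installs it every time the tunnel comes up. The connection name, the server address (elided in the post) and the prompt for the key are assumptions; the LAN prefix and MS-CHAPv2 come from the posted config.

```powershell
# Added example (not from the original post): create the L2TP/IPsec profile on the
# Windows client and attach the inside-LAN route to it, so the route is installed
# automatically on connect and withdrawn on disconnect.

$ConnName  = "SintesiAsa-L2TP"      # arbitrary profile name (assumption)
$AsaPublic = "vpn.example.invalid"  # ASA outside address; the post elides it (assumption)
$LanPrefix = "192.168.0.0/24"       # inside network from the posted config

# Never hard-code the group PSK in a script that gets copied around; prompt for it.
$Psk      = Read-Host -Prompt "L2TP/IPsec pre-shared key" -AsSecureString
$PskPlain = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
                [Runtime.InteropServices.Marshal]::SecureStringToBSTR($Psk))

# -SplitTunneling clears "Use default gateway on remote network". With it cleared,
# Windows knows only the address-pool subnet, which is exactly the symptom in the post.
Add-VpnConnection -Name $ConnName -ServerAddress $AsaPublic `
    -TunnelType L2tp -L2tpPsk $PskPlain `
    -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
    -SplitTunneling -RememberCredential:$false -Force
$PskPlain = $null

# The route is stored in the profile and added by RasMan each time it connects.
Add-VpnConnectionRoute -ConnectionName $ConnName -DestinationPrefix $LanPrefix -PassThru

# Check: dial, then confirm the LAN route exists and points at the VPN interface.
rasdial $ConnName
Get-NetRoute -DestinationPrefix $LanPrefix |
    Format-Table ifIndex, DestinationPrefix, NextHop, RouteMetric
```

If split tunneling is not actually required, the alternative that needs no client-side work is `split-tunnel-policy tunnelall` in the group policy, which matches the Windows default of routing everything through the tunnel. Two things to watch in the pasted config: an L2TP/IPsec group PSK is shared by every client, so MS-CHAPv2 is the only per-user secret and the PSK should be rotated when a laptop is lost; and the `enable password 8Ry2YjIyt7RRXU24` and `passwd 2KFQnbNIdI.2KYOU` hashes are the factory defaults (empty enable password, Telnet/SSH password `cisco`), which should be changed before the box sits on a public address.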