ISR 891 - Unable to connect to inside hosts via VPN

mark (Level 1)

I am able to connect to my Cisco ISR 891 via VPN with the Cisco VPN Client 5.0.07.0440, but once connected I cannot access hosts on the inside. If I ping a host on the inside by name, nothing resolves. If I ping by IP, I get a reply from the public IP of the router. Sure I am missing something simple. Thanks!

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 XXX
enable password 7 XXX
!
aaa new-model
!
aaa authentication login vpnuserauth group radius local
aaa authorization network XXXVPN local
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3003131779
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3003131779
 revocation-check none
 rsakeypair TP-self-signed-3003131779
!
crypto pki certificate chain TP-self-signed-3003131779
 certificate self-signed 01
        quit
no ip source-route
!
ip domain name xxxx.local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid CISCO891-K9 sn XXXX
!
username XXX privilege 15 secret 5 XXXX
!
ip ssh version 2
!
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group XXXVPN
 key XXXVPNKEY
 dns 192.168.77.25 8.8.8.8
 domain xxxx.local
 pool VPNPOOL
 acl SPLIT-TUNNEL
!
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set 3DES-SHA
 reverse-route
!
crypto map CRYPTO-OUTSIDE client authentication list vpnuserauth
crypto map CRYPTO-OUTSIDE isakmp authorization list XXXVPN
crypto map CRYPTO-OUTSIDE client configuration address respond
crypto map CRYPTO-OUTSIDE 10 ipsec-isakmp dynamic dynmap
!
interface FastEthernet0
 no ip address
 spanning-tree portfast
!
interface FastEthernet1
 no ip address
 shutdown
!
interface FastEthernet2
 no ip address
 shutdown
!
interface FastEthernet3
 no ip address
 shutdown
!
interface FastEthernet4
 no ip address
 shutdown
!
interface FastEthernet5
 no ip address
 shutdown
!
interface FastEthernet6
 no ip address
 shutdown
!
interface FastEthernet7
 no ip address
 shutdown
!
interface FastEthernet8
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 crypto map CRYPTO-OUTSIDE
!
interface Vlan1
 ip address 192.168.77.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Async1
 no ip address
 encapsulation slip
!
ip local pool VPNPOOL 192.168.100.100 192.168.100.150
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 XXXX 254
!
ip access-list extended NAT
 deny   ip 192.168.77.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip 192.168.77.0 0.0.0.255 any
ip access-list extended SPLIT-TUNNEL
 permit ip 192.168.77.0 0.0.0.255 192.168.100.0 0.0.0.255
!
ip radius source-interface Vlan1
access-list 1 permit 192.168.77.0 0.0.0.255
!
snmp-server community mdv RO
radius-server host 192.168.77.27 key 7 XXXX
!
control-plane
!
mgcp profile default
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 password 7 XXXX
 transport input telnet ssh
!
scheduler max-task-time 5000
end

2 Replies

Roman Rodichev (Level 7)

You've created the NAT ACL but you didn't apply it.

ip nat inside source list NAT interface GigabitEthernet0 overload

What command do I need to run to apply that?

I tried

int gigabitethernet0
 ip access-group NAT in

Then I cannot get anywhere with the VPN client. I also tried adding

permit ip 192.168.100.0 0.0.0.255 192.168.77.0 0.0.0.255

which didn't help either.
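The point of the reply above is that a NAT ACL only does anything once it is referenced by the `ip nat inside source list` statement; applying it with `ip access-group` filters the interface instead. The following is an added example, not code from the thread or from Cisco: it parses the pool, NAT and ACL lines of the posted config (an excerpt embedded here, with the reply's suggested change applied by a string replacement in the test) and evaluates, ACE by ACE the way IOS does, whether a LAN host's reply to a VPN pool address would be translated. The LAN host 192.168.77.25 is the DNS server from the config; the helper names are this example's own.

```python
import ipaddress
import re
# Constructed excerpt of the thread's ISR 891 config: only the pool, NAT and ACL lines.
CONFIG = """\
ip local pool VPNPOOL 192.168.100.100 192.168.100.150
ip nat inside source list 1 interface GigabitEthernet0 overload
ip access-list extended NAT
 deny   ip 192.168.77.0 0.0.0.255 192.168.100.0 0.0.0.255
 permit ip 192.168.77.0 0.0.0.255 any
access-list 1 permit 192.168.77.0 0.0.0.255
"""
ANY = ipaddress.IPv4Network("0.0.0.0/0")
def to_net(addr, wildcard):
    """IOS address + wildcard mask -> IPv4Network (the wildcard is the inverted netmask)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)

def take(tokens):
    """Consume one IOS address spec ('any' or 'A WILDCARD'); return (net, remaining tokens)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    return to_net(tokens[0], tokens[1]), tokens[2:]

def parse_acls(cfg):
    """Return {acl_name: [(action, src_net, dst_net), ...]} in ACE order."""
    acls, current = {}, None
    for t in (line.split() for line in cfg.splitlines()):
        if t[:3] == ["ip", "access-list", "extended"]:
            current, acls[t[3]] = t[3], []
        elif t[:1] == ["access-list"]:  # numbered standard ACL: source only, any destination
            acls.setdefault(t[1], []).append((t[2], take(t[3:])[0], ANY))
            current = None
        elif current and len(t) > 1 and t[0] in ("permit", "deny") and t[1] == "ip":
            src, rest = take(t[2:])
            acls[current].append((t[0], src, take(rest)[0]))
    return acls

def nat_translates(cfg, src_ip, dst_ip):
    """True if the ACL named by 'ip nat inside source list' selects src->dst for translation."""
    acl_name = re.search(r"^ip nat inside source list (\S+) ", cfg, re.M).group(1)
    src, dst = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for action, s, d in parse_acls(cfg).get(acl_name, []):
        if src in s and dst in d:  # first matching ACE decides, as on IOS
            return action == "permit"
    return False  # implicit deny at the end of every ACL: not translated

def vpn_replies_bypass_nat(cfg, lan_host="192.168.77.25"):
    """True when LAN replies to both ends of the VPN pool escape NAT (the fix from the reply)."""
    first, last = re.search(r"^ip local pool \S+ (\S+) (\S+)", cfg, re.M).groups()
    return not any(nat_translates(cfg, lan_host, ip) for ip in (first, last))
```

With the posted config, `nat_translates` says yes for 192.168.77.25 to 192.168.100.100, which is why the client sees the reply arrive from the router's public address; with the NAT statement pointed at the NAT ACL it says no, while Internet-bound traffic is still translated.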