Cisco VPN client Reason 413: user authentication failed

We just added and configured a new Cisco ASA 5510. The VPN worked for a few days. Now, it doesn’t work (it may be some configurations changed). Whenever the VPN client (v3.6) tries to access the VPN, it displays the login screen. After entering the username and password, you will receive “Secure VPN connection terminated locally. Reason 413: user authentication failed”. Any suggestions?

ASA Version 7.0(5)
!
hostname chicagotech
domain-name default.domain.invalid
enable password BXdBI/nCX9W8gnaT encrypted
names
name 192.168.0.114 Chicagotech
name 192.168.0.112 IBM
name 192.168.0.117 Outer
name 192.168.102.0 DMZ
name 192.168.0.213 Color
name 192.168.0.95 USA8200
dns-guard
!
interface Ethernet0/0
 nameif Outside
 security-level 0
 ip address x.x.x.37 255.255.255.248
!
interface Ethernet0/1
 nameif Inside
 security-level 100
 ip address 192.168.0.250 255.255.255.0
!
interface Ethernet0/2
 nameif DMZ
 security-level 50
 ip address 192.168.102.250 255.255.255.0
!
interface Management0/0
 nameif management
 security-level 100
 no ip address
 management-only
!
ftp mode passive
access-list tac extended permit ip any host x.x.x.10
access-list tac extended permit ip host x.x.x.10 any
access-list out_to_inside extended permit tcp any host x.x.x.34 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8080
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.36 eq www
access-list out_to_inside extended permit tcp any host x.x.x.34 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.34 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.34 eq 13001
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 13001
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 3389
access-list out_to_inside extended permit tcp any host x.x.x.36 eq pop3
access-list out_to_inside extended permit tcp any host x.x.x.36 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.36 eq 8383
access-list out_to_inside extended permit icmp any any
access-list out_to_inside extended permit tcp any host x.x.x.35 eq www
access-list out_to_inside extended permit tcp any host x.x.x.38 eq www
access-list out_to_inside extended permit tcp any host x.x.x.35 eq 8383
access-list out_to_inside extended permit tcp any host x.x.x.35 eq smtp
access-list out_to_inside extended permit tcp any host x.x.x.35 eq pop3
access-list out_to_inside extended permit tcp any host 1x.x.x.36 eq pptp
access-list Inside_nat0_outbound extended permit ip any 192.168.101.0 255.255.25
5.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu DMZ 1500
mtu management 1500
ip local pool 101 192.168.101.1-192.168.101.254 mask 255.255.255.0
asdm image disk0:/asdm505.bin
no asdm history enable
arp timeout 14400
global (Outside) 10 interface
nat (Inside) 0 access-list Inside_nat0_outbound
nat (Inside) 10 0.0.0.0 0.0.0.0
nat (management) 10 0.0.0.0 0.0.0.0
static (Inside,Outside) x.x.x.36 IBM netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.34 Colormyrug netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.35 Chicagotech netmask 255.255.255.255 dns
static (Inside,Outside) x.x.x.38 Outerlogic netmask 255.255.255.255 dns
static (Inside,Outside) 1x.x.x.36 USA8200 netmask 255.255.255.255
access-group out_to_inside in interface Outside
route Outside 0.0.0.0 0.0.0.0 x.x.x.33 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy PPTPVPN internal
group-policy PPTPVPN attributes
 wins-server value 192.168.0.231
 dns-server value 192.168.0.231 4.2.2.1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value PPTPVPN_splitTunnelAcl
 default-domain value cm.local
 webvpn
http server enable
http x.x.x.81 255.255.255.255 Outside
http 192.168.0.0 255.255.255.0 Inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface Outside
isakmp enable Outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group PPTPVPN type ipsec-ra
tunnel-group PPTPVPN general-attributes
 address-pool 101
 default-group-policy PPTPVPN
tunnel-group PPTPVPN ipsec-attributes
 pre-shared-key *
telnet 192.168.0.0 255.255.255.0 Inside
telnet timeout 10
ssh x.x.x.81 255.255.255.255 Outside
ssh x.x.x.246 255.255.255.255 Outside
ssh timeout 5
console timeout 0
dhcpd lease 3600
dhcpd ping_timeout 50
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global

Start Free Trial