Can the ASA VPN ip pools be configured to "reserve" addresses much like dhcp does for incoming client connections in the same group-policy?
Creating an individual policy group for each client would be unmanagable.
This is certainly possible, but it does require you to add an ipaddress to every username in the configuration. The ASA looks at the username entered by the remote user, and checks if it has an ipaddress configured with it's username.
You can find the configuration option in the ASDM here: Configuration -> VPN -> General -> Users. Edit a user and go to the VPN Policy tab, you will find the 'Dedicated IP Address' option at the bottom of the page.
If you want to configure this via console/telnet/ssh: go to configuration mode and type the following:
Make sure that the subnet matches the subnet of your already configured ip pool! If you use 192.168.10.0/24 as you ip pool, your configuration should look like this:
username testuser attributes
vpn-framed-ip-address 192.168.10.254 255.255.255.0
The address 192.168.10.254 should now always be assigned to user 'testuser'
Hope this post helps, please rate if it does!