I have managed to get Cisco client VPNs and a site-to-site office VPN (Cisco 877) onto my Cisco ASA and all working, until I issued the "no sysopt connection permit-vpn" command. This stops VPN traffic from being exempt from access lists.
I want to control the VPNs by access list and have created all the correct rules for "outside_access_in", and the VPNs can connect to the servers on the ports needed. Now the only thing they can't access is the Internet, which they could before I issued that command.
If I add "permit tcp object-group VPN_Remote_Networks 0.0.0.0 0.0.0.0 object-group Http-Https" then they can access the Internet, but it also means they can access any web servers on the inside. Can I create a rule that only applies to their outbound traffic to the Internet?
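The least-privilege pattern for the situation above, as an added example and not the poster's own configuration: ASA ACLs are evaluated top down with an implicit deny at the end, so an explicit deny for the VPN pool to the internal networks placed before the permit-to-any keeps the outbound Internet rule from also opening inside web servers. The object group `Inside_Networks` and its member subnets are assumed placeholders; `VPN_Remote_Networks`, `Http-Https` and `outside_access_in` are the names from the question.

```cisco
! Assumed placeholder: the RFC 1918 ranges in use on the inside; replace with the real internal subnets.
object-group network Inside_Networks
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0

! Specific permits for the servers/ports the VPN users legitimately need go first (already present per the question).

! Block the VPN pool from reaching any other inside host on 80/443 ...
access-list outside_access_in extended deny tcp object-group VPN_Remote_Networks object-group Inside_Networks object-group Http-Https

! ... and only then allow it to reach everything else (the Internet). "any" is the same as 0.0.0.0 0.0.0.0.
access-list outside_access_in extended permit tcp object-group VPN_Remote_Networks any object-group Http-Https

! The interface ACL stays applied as before; "no sysopt connection permit-vpn" is what makes it apply to VPN traffic.
access-group outside_access_in in interface outside
```

Verify the ordering with `show access-list outside_access_in` and check that the hit counts on the deny line rise when a VPN client tries an internal web server that is not explicitly permitted.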