So there is a hub and spoke topology. The client/remote ASA has clientvpn enabled. Traffic between the client and head-end site flows fine, but all Internet-destined traffic from the client site routes across the VPN and then to the Internet from the head-end location. I would like this Internet traffic to head out the local Internet connection. The split tunnel ACL is defined but doesn't seem to be working or is not configured properly. Also, there is no NAT configuration on the client ASA but I receive the following when I attempt to configure NAT:
[OK] access-list inside_nat0_outbound line 1 extended permit ip 10.130.50.0 255.255.255.0 10.130.100.0 255.255.255.0
[ERROR] nat (inside) 0 access-list inside_nat0_outbound tcp 0 0 udp 0
Policy NAT cannot be be configured with VPN Client enabled.
Any advice is appreciated!