I have two issue with SSL VPN configuration in ASA:
1- I have setup Microsoft IAS as RADIUS server for authentication. when I try to login to SSL VPN, the username and password in AD doesn't work and still I have to login with local username and password. RADIUS server is working with VPN client though.
2- I like when user acecss to webvpn, SVC package automatically download to client PC. But still clientless SSL VPN portal is shown rather than download SVC package.
Please find the show version and show run in the attachment.
When connecting with Cisco VPN client, your client tells ASA which group (tunnel-group) the connection belongs to. When connecting to SSL VPN portal, your connection by default belongs to "tunnel-group DefaultWEBVPNGroup". You will need to configure this:
2. You can add a drop-down box on the on the login page to select the group.
tunnel-group WohlerSSL webvpn-attributes
3. You can also have your RADIUS server return IETF RADIUS  Class attribute. For example: "ou=WohlerSSLPolicy;". This attribute refers to "group-policy", not "tunnel-group", so everyone would still connect under tunnel-group DefaultWEBVPNGroup, but you could assign various parameters to the client using group-policies.
4. If using local user database on ASA, you can also lock users into specific group policies.
username USERNAME password PASSWORD encrypted
username USERNAME attributes
group-lock value WohlerSSLPolicy
To answer you other question, you are looking for this:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...