The exempt NAT statement that I suggested is actually bidirectional, thats why you shuldn't need a Dynamic Nat policy on the outside interface.
"I don't understand why IP of VPN pool are terminating on the outside interface ?! "
There is a general misconception about VPNs that it is reffered as "extending internal network securely to outside". This also leads
some IT professionals to configure VPN pools which are in same subnet with inside network. This is wrong. VPN is generally used for establishing secure connection between trusted and untrusted networks. Establishing dynamic routing protocol connectivity, securing tftp, syslog and some other critical data within campus are also some other kinds of implementions of VPN.
After that intro, the brief answer for your question is "VPN clients are terminated on which interface you assign the crypto map, they use the IP address of the interface that crypto map is assigned".
Management access command has no relation with your issue.
Since I couldnt understand the nature of your inquiry, I cant make further suggestions, but I assume you got it sorted out.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :