I am trying to see if this can be done... I know the best practice is to give VPN clients IP addresses on a different subnet than the ASA's interfaces, but in my current situation, I need them to have the same addresses as the company LAN. We have many existing client VPN's from a head office router, where changing ACL's on every tunnel to accommodate AnyConnect clients is not an option. I need to find a way that AnyConnect clients can connect to our Remote Access Firewall, but still allow traffic through existing Client VPN tunnels, without modifying the existing client VPN configurations. A diagram might explain it better (see below).
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...