Well, but what about this: "The AnyConnect Software should use a pool IP from the firewall, so the local network should not matter." the firewall assigns everyone 172.16.16.XXX wouldnt that take care of not having to nat the internal network?
I thought your problem is your internal LAN IP Subnet clashes with users home LAN's?? Even if you give them and IP address of 220.127.116.11/24 when they want to access something over the VPN to your internal LAN, and that IP address happens to be the same as their home network - it will fail!
Ah, ok, i guess why i am questioning it so much is that a windows pc on the same home network using anyconnect vpn works fine, just the ipad doesnt like it. so i was hopeing it was just an anyconnect setting on the ipad that needed to be changed.
maybe its just the way apple handles networking and vpn differently over a windows computer. ill give the nat a shot. it just takes an act of congress to make a firewall change here at work since we farmed controll of it out to a security company.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...