Translation Key:
B - public ISR address
Y - public ASA address
V - VPN DHCP addresses

: Hardware: ASA5508, 8192 MB RAM, CPU Atom C2000 series 2000 MHz, 1 CPU (8 cores)
!
ASA Version 9.12(4)54
!
ip local pool IPPOOL V.V.V.1-V.V.V.254 mask 255.255.255.0
!
interface GigabitEthernet1/1
 speed 1000
 duplex full
 nameif OUTSIDE
 security-level 0
 ip address Y.Y.Y.151 255.255.255.128
!
interface GigabitEthernet1/2
 speed 1000
 duplex full
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/2.927
 vlan 927
 nameif FW-INSIDE
 security-level 100
 ip address 172.24.16.1 255.255.252.0
!
object network FW-INSIDE-NET
 subnet 172.24.16.0 255.255.252.0
!
object-group network FW-SEGMENTS
 network-object object HYPV2-MGMT-NET
 network-object object FW-INSIDE-NET
 network-object object DMZ-NET
object-group network CLIENT-VPN-IPPOOL
 network-object V.V.V.0 255.255.255.0
object-group network FW-LOCAL
 network-object 172.24.16.0 255.255.252.0
 network-object 172.24.32.0 255.255.252.0
 network-object 172.16.96.0 255.255.252.0
!
object-group network COMPANY-IPPOOL
 network-object V.V.V.0 255.255.255.0
!
object-group network VPN-LOCAL-205
 network-object 172.24.16.0 255.255.252.0
object-group network VPN-REMOTE-205
 network-object 10.245.167.0 255.255.255.0
!
access-list CLIENTVPN extended permit ip object-group FW-LOCAL object-group CLIENT-VPN-IPPOOL
access-list CLIENTVPN extended permit ip object-group COMPANY-HAIRPIN object-group CLIENT-VPN-IPPOOL
access-list CLIENTVPN extended permit ip object-group COMPANY-IPPOOL object-group CLIENT-VPN-IPPOOL
access-list 205 extended permit ip object-group VPN-LOCAL-205 object-group VPN-REMOTE-205
mtu OUTSIDE 1500
mtu FW-INSIDE 1500
ip verify reverse-path interface OUTSIDE
ip verify reverse-path interface FW-INSIDE
nat (any,OUTSIDE) source static FW-LOCAL FW-LOCAL destination static CLIENT-VPN-IPPOOL CLIENT-VPN-IPPOOL no-proxy-arp route-lookup
nat (any,OUTSIDE) source static COMPANY-HAIRPIN COMPANY-HAIRPIN destination static CLIENT-VPN-IPPOOL CLIENT-VPN-IPPOOL no-proxy-arp route-lookup
nat (OUTSIDE,OUTSIDE) source static COMPANY-IPPOOL COMPANY-IPPOOL destination static CLIENT-VPN-IPPOOL CLIENT-VPN-IPPOOL no-proxy-arp
nat (any,OUTSIDE) source static VPN-LOCAL-205 VPN-LOCAL-205 destination static VPN-REMOTE-205 VPN-REMOTE-205 no-proxy-arp route-lookup
!
access-group FW-INSIDE in interface FW-INSIDE
!
!
!
!
!
crypto ipsec ikev2 ipsec-proposal IKEV2-AES
 protocol esp encryption aes-gcm-256 aes-gcm-192 aes-gcm
 protocol esp integrity null
crypto ipsec security-association pmtu-aging infinite
!
crypto map VPNMAP 205 match address 205
crypto map VPNMAP 205 set peer B.B.B.148
crypto map VPNMAP 205 set ikev2 ipsec-proposal IKEV2-AES
crypto map VPNMAP 205 set security-association lifetime seconds 28800
crypto map VPNMAP interface OUTSIDE
!
crypto ikev2 policy 120
 encryption aes-gcm-256 aes-gcm-192
 integrity null
 group 21 20 19 14
 prf sha512 sha384 sha256
!
crypto ikev2 enable OUTSIDE
!
!
!
!
group-policy COMPANY-TARGET internal
group-policy COMPANY-TARGET attributes
 dns-server value 172.24.16.98
 vpn-filter value COMPANY-VPN-FILTER
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CLIENTVPN
 client-bypass-protocol enable
 address-pools value IPPOOL
 webvpn
  COMPANY ssl dtls enable
  COMPANY keep-installer installed
!
tunnel-group COMPANY-TARGET type remote-access
tunnel-group COMPANY-TARGET general-attributes
 default-group-policy COMPANY-TARGET
tunnel-group COMPANY-TARGET webvpn-attributes
 group-alias TARGET enable
!
tunnel-group B.B.B.148 type ipsec-l2l
tunnel-group B.B.B.148 ipsec-attributes
 ikev2 remote-authentication pre-shared-key
 ikev2 local-authentication pre-shared-key