Oh.. I guess I was too literal to the guide, as I did not make such rules. I had assumed doing all this would do that in the background.

I'm afraid there is no such thing when it comes to firewalls :))

Yeah it was wishful thinking. Also, like I mentioned earlier.. The Anyconnect Local Address Assignment is the new "virtual" IP Network that my remote device connects to and the FDM Local Network, is that the pre-existing Network I want the RA to have access to? Or is it too a virtual,new FDM located Network?

"The Anyconnect Local Address Assignment" is a pool of IP addresses, called also VPN Pool in the documentation, that are used to provide an IP address to the users connecting via Cisco AnyConnect.

This pool of addresses should be viewed like a "virtual" network connected to the firewall and you should configure ACL entries for it in order to access the inside network.

And yes, the FDM Local Network, is the pre-existing Network you want the RA to have access to.

Interesting. Ugh I removed all my configuration last night cause it did not work. I will redo it then figure out how and where to make the ACL's/NAT.

1. You need to assign the VPN pool a unique subnet, not used on any other connected interface in the firewall.

2. Yes it does, but I would configure them more specific.

Ahh, I then probably asked my question earlier wrong.

I have a Network 192.168.5.0/24 which IS the actual LAN I use now... When creating, for the VPN, a FDM_Local_Pool, this is yet ANOTHER LAN Subnet outside of my existing?

So, in the end, I will have the Virtual Anyconnect [10.0.1.0/24] the FDM_Local [192.168.10.0/24 (Made specifically for the VLN/LAN)] and then then existing LAN 192.168.5.0/24 that I will then give access to?

---

I have a Network 192.168.5.0/24 which IS the actual LAN I use now... When creating, for the VPN, a FDM_Local_Pool, this is yet ANOTHER LAN Subnet outside of my existing?

Yes, that is correct. You define the VPN pool in the firewall configuration like this https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215532-configure-remote-access-vpn-on-ftd-manag.html#toc-hId-2085974521

So, in the end, I will have the Virtual Anyconnect [10.0.1.0/24] the FDM_Local [192.168.10.0/24 (Made specifically for the VLN/LAN)] and then then existing LAN 192.168.5.0/24 that I will then give access to?

---

You only need the VPN Anyconnect pool [10.0.1.0/24 for example] and the existing LAN 192.168.5.0/24 that you will then give access to.

I don't really understand what do you mean by "FDM_Local [192.168.10.0/24 (Made specifically for the VLN/LAN)]".

Alright, what I mean is when that guide says ' local network behind the FDM device' are they referring to the per-existing LAN I already have, I.E 192.168.5.0/24?

Correct.

Then something else is wrong, because if the Anyconnect_Pool would be defined under "any" in an ACL that I have and then the Existing LAN Network [192.168.5.0/24] has a NAT for a x.x.x.182 WAN IP...I should get throughput after a successful connection, but I do not.

When I connect, this is was the CLI says;

Maybe I didn't understand correctly what you where asking and there are a few things that might need attention.

Here is a video guide on how to configure RA VPN on the FTD: https://www.youtube.com/watch?v=Bov4BBCQeas

The configuration part is very short, first 10 minutes, and it touches all important steps you need to take care in order to make it work.