06-23-2018 02:05 PM - edited 02-21-2020 07:54 AM
Hope there is somebody that can help me, because I'm stuck: I have set the backup up 4 times now, but it is not working.
VLAN40 needs to go out on VLAN997, the backup line (ADSL, 110 Mb), which is up and running.
VLAN45 (the main server VLAN) needs to be on VLAN998 (500 Mb cable), also running, but in bridge mode.
All the rest needs to stay in VLAN999, also a bridged cable network (500 Mb).
The VLAN settings on the core switch and main switch are OK, and it was working.
I tried NAT and traffic zones, and the security level is how it needs to be, the same.
VLAN997 also needs to be a backup line if VLAN998 and VLAN999 go down; that was also working.
My trouble began when I added the 997 VLAN.
I can only ping the outside world on VLAN998; the other two give no response. If I connect my laptop directly to the routers, all is fine and there are no troubles with speed or lag.
My backup config, as it is running at the moment.
I set it back in the hope it will work like it was, just disconnecting VLAN997.
At the moment I feel like a donkey running into a rock every single time.
If anyone has an idea, please let me know.
: Serial Number: JAD2042014S
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.6(1)
!
hostname ASA5506
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd hVxRMGvjmxCeVxgf encrypted
names
ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
!
interface GigabitEthernet1/1
description *** Ziggo2 ***
mac-address aaaa.bbbb.cccc
nameif VLAN999
security-level 0
ip address dhcp setroute
ipv6 enable
!
interface GigabitEthernet1/2
description *** Ziggo1 ***
nameif VLAN998
security-level 2
ip address dhcp setroute
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3.1
description *** Management ***
vlan 1
nameif VLAN1
security-level 25
ip address 10.10.50.2 255.255.255.0
!
interface GigabitEthernet1/3.20
description *** Office ***
vlan 20
nameif VLAN20
security-level 0
ip address 10.10.20.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
ipv6 enable
!
interface GigabitEthernet1/3.30
description *** Wi-Fi ***
vlan 30
nameif VLAN30
security-level 0
ip address 10.10.30.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
!
interface GigabitEthernet1/3.40
description *** Printer ***
vlan 40
nameif VLAN40
security-level 1
ip address 10.10.40.2 255.255.255.0
!
interface GigabitEthernet1/3.45
description *** Server ***
vlan 45
nameif VLAN45
security-level 2
ip address 10.10.45.2 255.255.255.0
policy-route route-map RMAP-Gi1/3.45
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
description ***Telfort***
nameif VlAN997
security-level 1
ip address dhcp setroute
!
interface Management1/1
description *** ASA Management ***
management-only
nameif MNGT
security-level 100
ip address 10.10.100.2 255.255.255.0
!
banner motd ************************************************************************
banner motd * Unauthorized access is prohibited *
banner motd ************************************************************************
banner motd * This system is to be used only by specifically authorized personnel. *
banner motd * Any unauthorized use of the system is unlawful, and may be subject *
banner motd * to civil and/or criminal penalties. *
banner motd * *
banner motd * Any use of the system may be logged or monitored without further *
banner motd * notice and resulting logs may be used as evidence in court. *
banner motd ************************************************************************
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-NET-VLAN1
subnet 10.10.50.0 255.255.255.0
object network OBJ-NET-VLAN20
subnet 10.10.20.0 255.255.255.0
object network OBJ-NET-VLAN30
subnet 10.10.30.0 255.255.255.0
object network OBJ-NET-VLAN40
subnet 10.10.40.0 255.255.255.0
object network OBJ-NET-VLAN45
subnet 10.10.45.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_26
subnet 192.168.100.0 255.255.255.192
object network OBJ-NET-HOST-10.10.20.105
host 10.10.20.105
object service OBJ-SRV-TCP-3389
service tcp source eq 3389
object service OBJ-SRV-TCP-5000_6000
service tcp source range 5000 6000
object network OBJ-NET-HOST-82.94.75.162
host 82.94.75.162
object network OBJ-NET-HOST-82.94.75.163
host 82.94.75.163
object network OBJ-NET-HOST-82.94.75.164
host 82.94.75.164
object network OBJ-NET-HOST-82.94.75.165
host 82.94.75.165
object network OBJ-NET-HOST-82.94.75.166
host 82.94.75.166
object network OBJ-NET-HOST-10.10.45.10
host 10.10.45.10
object network OBJ-NET-HOST-10.10.20.10
host 10.10.20.10
object network 10.10.60.2
host 10.10.60.2
object-group network OBJ-GRP-NET-RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
access-list ACL-VLAN999-INBOUND remark *** Fritbox - Internet traffic ***
access-list ACL-VLAN999-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN999-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN999-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN999-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN999-INBOUND extended permit tcp 193.173.85.0 255.255.255.192 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN999-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND extended permit tcp any any range 5000 6000
access-list ACL-VLAN998-INBOUND remark *** Ziggo - Internet traffic ***
access-list ACL-VLAN998-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN998-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN998-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN998-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN998-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN998-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN998-INBOUND extended permit ip any any
access-list ACL-VLAN998-INBOUND extended permit tcp any host 10.10.20.10 eq 3389
access-list ACL-VLAN45-INBOUND remark *** RFC1918 ***
access-list ACL-VLAN45-INBOUND extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-VLAN45-INBOUND remark *** Internet traffic ***
access-list ACL-VLAN45-INBOUND extended permit ip any any
access-list ACL-RMAP-VLAN45 extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-RMAP-VLAN45 extended permit ip object OBJ-NET-VLAN45 any
access-list ACL-VPN-SPLIT standard permit 10.10.0.0 255.255.0.0
access-list ACL-PBR-ZIGGO2 extended permit ip 10.10.20.0 255.255.255.0 any
access-list VlAN997_access_in extended permit ip interface VLAN45 interface VlAN997
pager lines 24
logging enable
logging asdm informational
mtu VLAN999 1500
mtu VLAN998 1500
mtu VLAN1 1500
mtu VLAN20 1500
mtu VLAN30 1500
mtu VLAN40 1500
mtu VLAN45 1500
mtu VlAN997 1500
mtu MNGT 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (VLAN1,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN30,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN40,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN45,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,VLAN998) source static OBJ-NET-HOST-10.10.20.10 interface service OBJ-SRV-TCP-3389 OBJ-SRV-TCP-3389
nat (VLAN45,VLAN999) source static OBJ-NET-HOST-10.10.45.10 OBJ-NET-HOST-82.94.75.165
nat (VLAN1,VLAN999) source dynamic any interface
nat (VLAN20,VLAN999) source dynamic any interface
nat (VLAN30,VLAN999) source dynamic any interface
nat (VLAN40,VLAN999) source dynamic any interface
nat (VLAN1,VLAN998) source dynamic any interface
nat (VLAN20,VLAN998) source dynamic any interface
nat (VLAN30,VLAN998) source dynamic any interface
nat (VLAN40,VLAN998) source dynamic any interface
nat (VLAN45,VLAN999) source dynamic any interface
nat (VLAN45,VLAN998) source dynamic any interface
access-group ACL-VLAN999-INBOUND in interface VLAN999
access-group ACL-VLAN998-INBOUND in interface VLAN998
access-group ACL-VLAN45-INBOUND in interface VLAN45
access-group VlAN997_access_in in interface VlAN997
!
route-map PBR-ZIGGO1 permit 10
match ip address ACL-VLAN998-INBOUND
match interface VLAN998
!
route-map PBR-ZIGGO2 permit 10
match ip address ACL-PBR-ZIGGO2
set ip next-hop 212.187.37.1
!
route-map RMAP-Gi1/3.45 permit 10
match ip address ACL-RMAP-VLAN45
set ip next-hop verify-availability 82.94.75.161 1 track 10
!
route-map PBR-Telfort permit 10
!
route VLAN999 8.8.4.4 255.255.255.255 192.168.200.1 1
route VLAN998 8.8.8.8 255.255.255.255 192.168.199.1 1
route VLAN999 193.173.85.5 255.255.255.255 192.168.200.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL auto-enable
http server enable
http 0.0.0.0 0.0.0.0 MNGT
http 0.0.0.0 0.0.0.0 VLAN20
http 0.0.0.0 0.0.0.0 VLAN999
no snmp-server location
no snmp-server contact
sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN998
timeout 300
threshold 15000
frequency 5
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 8.8.4.4 interface VLAN999
timeout 300
threshold 15000
frequency 5
sla monitor schedule 2 life forever start-time now
sla monitor 3
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN999
sla monitor schedule 3 life forever start-time now
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map VLAN20_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN20_map interface VLAN20
crypto map VLAN30_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN30_map interface VLAN30
crypto map VLAN40_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN40_map interface VLAN40
crypto map VLAN998_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN998_map interface VLAN998
crypto map VLAN45_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto ca trustpoint localtrust
enrollment self
fqdn sslvpn.4udomein.com
subject-name CN=sslvpn.4udomein.com
keypair sslvpnkey
crl configure
crypto ca trustpool policy
crypto ca certificate chain localtrust
certificate 6bd0bf58
30820300 308201e8 a0030201 0202046b d0bf5830 0d06092a 864886f7 0d010105
05003042 311c301a 06035504 03131373 736c7670 6e2e3475 646f6d65 696e2e63
6f6d3122 30200609 2a864886 f70d0109 02161373 736c7670 6e2e3475 646f6d65
696e2e63 6f6d301e 170d3137 30333130 30373431 32305a17 0d323730 33303830
37343132 305a3042 311c301a 06035504 03131373 736c7670 6e2e3475 646f6d65
696e2e63 6f6d3122 30200609 2a864886 f70d0109 02161373 736c7670 6e2e3475
646f6d65 696e2e63 6f6d3082 0122300d 06092a86 4886f70d 01010105 00038201
0f003082 010a0282 010100a1 b2fe7671 f610a388 6d51851c 502093f5 cb5a944b
6285bb0d 37a01743 532f1914 11494c9e fbdaae6e 2e08cdb0 328cb667 5942d4e6
cc5e61a5 fb692d38 f4d46f75 2f8227f8 245bc7df a467dc68 7621b0c2 13a36762
b7bfb486 14272c49 1eb14f1a a307c724 532cfa3d 50c8a646 9cc06d06 3f2efab4
e10d491b 54fc42cb bee423d0 4e8df04b 6154146e f095ee82 8f41364e c94c7533
913cc866 79c6a32a 11b13718 895e23cb bc7b3502 ad7e1013 78b34526 cee075c1
ffd74c4c 9f41299d 9f40207a dfe083b4 717c9853 96090207 6135d21d f0d55558
c952eda0 15a61b45 f13789d6 47c82828 4cdb6b03 806415d6 8c14157d f85f09c4
02ebe725 fe9bf345 f407c102 03010001 300d0609 2a864886 f70d0101 05050003
82010100 03b31914 58eeb2c6 3c23e006 8bd5a4f5 563503d2 03fcd341 8bcf451d
722a6d78 a57a9808 ad1a282c 77530dd5 24eca366 8455f14d 86e51ed9 426d9790
a1a274ec 2116ec1b 97506c2f 73fe491c b3706142 b5cba46f 890efa41 dc26053d
320204e4 2b21b7fc a6a2f521 1fffa05b c37de564 13cc4289 c8043907 b6b9f21c
0566c173 496a0a1d 5f9fa630 d51d76db 7e88a9d8 8c6aa3b0 29109dc6 d13dd6a5
01e17d31 5209671e ea139e42 40637c43 dbee0608 670fe6c1 72e73a85 e710bc1a
9d2f1d6b dded7d12 ffafe1d2 cc097a20 0595a446 a508f613 047250e7 1091bf87
68c813da 8cdd30d8 96598a1c 1a615f84 a21871a8 f8be0459 5dcfe69f 72a9fcf2
aadc283f
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable VLAN998 client-services port 443
crypto ikev2 enable VLAN20 client-services port 443
crypto ikev2 remote-access trustpoint localtrust
crypto ikev1 enable VLAN20
crypto ikev1 enable VLAN30
crypto ikev1 enable VLAN40
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
!
track 10 rtr 1 reachability
!
track 11 rtr 3 reachability
!
track 20 rtr 2 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 193.173.85.0 255.255.255.192 VLAN999
ssh 193.173.85.0 255.255.255.192 VLAN998
ssh 0.0.0.0 0.0.0.0 VLAN20
ssh 0.0.0.0 0.0.0.0 MNGT
ssh timeout 15
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcp-client client-id interface VLAN999
dhcp-client client-id interface VLAN998
dhcp-client client-id interface VlAN997
dhcpd address 10.10.50.200-10.10.50.250 VLAN1
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN1
dhcpd enable VLAN1
!
dhcpd address 10.10.20.200-10.10.20.250 VLAN20
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN20
dhcpd enable VLAN20
!
dhcpd address 10.10.30.200-10.10.30.250 VLAN30
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN30
dhcpd enable VLAN30
!
dhcpd address 10.10.40.200-10.10.40.250 VLAN40
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN40
dhcpd enable VLAN40
!
dhcpd address 10.10.45.200-10.10.45.250 VLAN45
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN45
dhcpd enable VLAN45
!
dhcpd address 10.10.100.200-10.10.100.250 MNGT
dhcpd dns 208.67.222.222 208.67.220.220 interface MNGT
dhcpd enable MNGT
!
ntp server 85.255.214.66 source VLAN999
ssl trust-point localtrust VLAN999
ssl trust-point localtrust VLAN998
ssl trust-point localtrust VLAN20
webvpn
enable VLAN999
enable VLAN998
enable VLAN20
anyconnect image disk0:/anyconnect-linux64-4.4.01054-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.4.01054-webdeploy-k9.pkg 2
anyconnect profiles 4uDomein_client_profile disk0:/4uDomein_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy SSLCLient internal
group-policy SSLCLient attributes
dns-server value 192.168.200.5
vpn-tunnel-protocol ssl-client
default-domain value mysite.com
address-pools value SSLClientPool
group-policy GroupPolicy_4uDomein internal
group-policy GroupPolicy_4uDomein attributes
wins-server none
dns-server value 10.10.20.100 10.10.20.101
vpn-tunnel-protocol ikev1 ikev2 ssl-client
password-storage disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-VPN-SPLIT
default-domain none
webvpn
anyconnect profiles value 4uDomein_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
username Dave password L4o29iC9zK9nTS7P encrypted privilege 15
username Dave attributes
service-type admin
username Davevpn password leb4YKzqGcsujPoJ encrypted privilege 15
username vlietd password Q101T2coMJVYHrL6 encrypted privilege 15
tunnel-group SSLClient type remote-access
tunnel-group SSLClient general-attributes
default-group-policy SSLCLient
tunnel-group SSLClient webvpn-attributes
group-alias MY_RA enable
tunnel-group 4uDomein type remote-access
tunnel-group 4uDomein general-attributes
address-pool SSLClientPool
default-group-policy GroupPolicy_4uDomein
tunnel-group 4uDomein webvpn-attributes
group-alias 4uDomein enable
tunnel-group 4uDomein ipsec-attributes
ikev1 trust-point localtrust
!
class-map inspection_default
match default-inspection-traffic
class-map CMAP-DEFAULT
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
policy-map PMAP-GLOBAL
class CMAP-DEFAULT
inspect http
inspect ftp
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
Cryptochecksum:3c559b8068d83a3e7f3c8077dc410dee
: end
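The PBR wiring in a config like the one above (interface `policy-route` → route-map → `match ip address` ACL → `set ip next-hop`) is easy to break at any of the links when the config is pasted without indentation. The following script is an added example, not code from this thread or from Cisco: it parses just the PBR-relevant commands of an ASA running-config and reports route-maps that are attached to an interface but carry no `set ip next-hop`, `match ip address` clauses that name an ACL which is never defined, and route-maps that all steer to the same gateway. `SAMPLE_CONFIG` is a constructed excerpt assembled from lines of the two configs posted in the thread; the function names and the rule set are this example's own.

```python
"""Lint the policy-based-routing (PBR) wiring in a Cisco ASA running-config.

Added example (not from the thread). Parses only interface, route-map and
access-list lines, then reports the links in the PBR chain that are missing.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the configs posted in
# this thread, with the indentation stripped as it appears on the page.
SAMPLE_CONFIG = """
interface GigabitEthernet1/3.20
nameif VLAN20
security-level 0
ip address 10.10.20.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
!
interface GigabitEthernet1/3.45
nameif VLAN45
security-level 2
ip address 10.10.45.2 255.255.255.0
policy-route route-map RMAP-Gi1/3.45
!
interface GigabitEthernet1/8
nameif VlAN997
security-level 1
ip address dhcp setroute
policy-route route-map PBR-Telfort
!
access-list ACL-RMAP-VLAN45 extended permit ip object OBJ-NET-VLAN45 any
access-list ACL-PBR-ZIGGO2 extended permit ip 10.10.20.0 255.255.255.0 any
route-map PBR-ZIGGO1 permit 10
match ip address ACL-VLAN998-INBOUND
match interface VLAN998
set ip next-hop 212.187.37.1
!
route-map PBR-ZIGGO2 permit 10
match ip address ACL-PBR-ZIGGO2
set ip next-hop 212.187.37.1
!
route-map RMAP-Gi1/3.45 permit 10
match ip address ACL-RMAP-VLAN45
set ip next-hop verify-availability 82.94.75.161 1 track 10
!
route-map PBR-Telfort permit 10
match ip address VlAN997_access_in
!
"""

# Sub-commands that belong to the preceding `interface` or `route-map` block.
# Needed because the pasted config has lost its indentation.
SUBCOMMANDS = ("match ", "set ", "nameif ", "policy-route ", "description ",
               "security-level", "ip address", "vlan ", "mac-address", "ipv6 ",
               "shutdown", "no nameif", "no security-level", "no ip address",
               "management-only")

NEXT_HOP_RE = re.compile(r"^set ip next-hop (?:verify-availability )?(\d+(?:\.\d+){3})")


def parse_pbr(config):
    """Return (interfaces, route_maps, acl_names) for the PBR-relevant commands."""
    ifaces = {}        # interface id -> {"nameif": str|None, "route_map": str|None}
    route_maps = {}    # route-map name -> {"acls": [...], "next_hops": [...]}
    acls = set()
    ctx = None         # ("iface", id) or ("rm", name) while inside a block
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line.startswith("interface "):
            ctx = ("iface", line.split()[1])
            ifaces[ctx[1]] = {"nameif": None, "route_map": None}
            continue
        if line.startswith("route-map "):
            ctx = ("rm", line.split()[1])
            route_maps.setdefault(ctx[1], {"acls": [], "next_hops": []})
            continue
        if line.startswith("access-list "):
            acls.add(line.split()[1])
            ctx = None
            continue
        if ctx is None or not line.startswith(SUBCOMMANDS):
            ctx = None           # any other top-level command ends the block
            continue
        kind, name = ctx
        if kind == "iface":
            if line.startswith("nameif "):
                ifaces[name]["nameif"] = line.split()[1]
            elif line.startswith("policy-route route-map "):
                ifaces[name]["route_map"] = line.split()[2]
        else:
            if line.startswith("match ip address "):
                route_maps[name]["acls"].extend(line.split()[3:])
            else:
                m = NEXT_HOP_RE.match(line)
                if m:
                    route_maps[name]["next_hops"].append(m.group(1))
    return ifaces, route_maps, acls


def lint_pbr(config):
    """Return a list of human-readable findings about the PBR chain."""
    ifaces, route_maps, acls = parse_pbr(config)
    findings = []
    for iface, info in ifaces.items():
        rm = info["route_map"]
        if rm is None:
            continue
        label = info["nameif"] or iface
        if rm not in route_maps:
            findings.append(f"{label}: policy-route references undefined route-map {rm}")
        elif not route_maps[rm]["next_hops"]:
            findings.append(f"{label}: route-map {rm} has no 'set ip next-hop'; "
                            "matching traffic falls back to the routing table")
    for rm, info in route_maps.items():
        for acl in info["acls"]:
            if acl not in acls:
                findings.append(f"route-map {rm}: match ip address references undefined ACL {acl}")
    by_hop = defaultdict(list)
    for rm, info in route_maps.items():
        for hop in info["next_hops"]:
            by_hop[hop].append(rm)
    for hop, rms in by_hop.items():
        if len(rms) > 1:
            findings.append(f"next-hop {hop} is shared by route-maps {', '.join(sorted(rms))}")
    return findings


if __name__ == "__main__":
    for finding in lint_pbr(SAMPLE_CONFIG):
        print(finding)
```

Paste a full `show running-config` into `SAMPLE_CONFIG` (or read it from a file) to lint a real box; the parser ignores everything it does not recognise, so the certificate blobs and crypto sections above do not get in the way.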
06-25-2018 12:50 PM
Which NAT did you remove? Good that everything works now.
07-06-2018 02:03 PM
06-23-2018 07:24 PM
06-24-2018 01:12 AM
Thank you Francesco.
I had not thought about that. I will give it a try, but I have never done something like this, so I will give it a try.
It is Sunday, so a nice day to do things and have nobody around.
I will let you know, and thanks for the offer to help.
06-24-2018 02:44 AM
I did it completely step by step as in https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/route-policy-based.pdf, but all traffic still goes through VLAN999.
Here is the config as it is now; it seems I need a little help...
: Saved
:
: Serial Number: JAD2042014S
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.6(1)
!
hostname ASA5506
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd hVxRMGvjmxCeVxgf encrypted
names
ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
!
interface GigabitEthernet1/1
description *** Ziggo2 ***
mac-address aaaa.bbbb.cccc
nameif VLAN999
security-level 0
ip address dhcp setroute
ipv6 enable
!
interface GigabitEthernet1/2
description *** Ziggo1 ***
mac-address aaaa.bbbb.cccc
nameif VLAN998
security-level 2
ip address dhcp setroute
policy-route route-map PBR-ZIGGO1
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3.1
description *** Management ***
vlan 1
nameif VLAN1
security-level 25
ip address 10.10.50.2 255.255.255.0
!
interface GigabitEthernet1/3.20
description *** Office ***
vlan 20
nameif VLAN20
security-level 0
ip address 10.10.20.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
ipv6 enable
!
interface GigabitEthernet1/3.30
description *** Wi-Fi ***
vlan 30
nameif VLAN30
security-level 0
ip address 10.10.30.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
!
interface GigabitEthernet1/3.40
description *** Printer ***
vlan 40
nameif VLAN40
security-level 1
ip address 10.10.40.2 255.255.255.0
!
interface GigabitEthernet1/3.45
description *** Server ***
vlan 45
nameif VLAN45
security-level 2
ip address 10.10.45.2 255.255.255.0
policy-route route-map RMAP-Gi1/3.45
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
description ***Telfort***
mac-address aaaa.bbbb.cccc
nameif VlAN997
security-level 1
ip address 10.10.60.2 255.255.255.0
policy-route route-map PBR-Telfort
!
interface Management1/1
description *** ASA Management ***
management-only
nameif MNGT
security-level 100
ip address 10.10.100.2 255.255.255.0
!
banner motd ************************************************************************
banner motd * Unauthorized access is prohibited *
banner motd ************************************************************************
banner motd * This system is to be used only by specifically authorized personnel. *
banner motd * Any unauthorized use of the system is unlawful, and may be subject *
banner motd * to civil and/or criminal penalties. *
banner motd * *
banner motd * Any use of the system may be logged or monitored without further *
banner motd * notice and resulting logs may be used as evidence in court. *
banner motd ************************************************************************
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-NET-VLAN1
subnet 10.10.50.0 255.255.255.0
object network OBJ-NET-VLAN20
subnet 10.10.20.0 255.255.255.0
object network OBJ-NET-VLAN30
subnet 10.10.30.0 255.255.255.0
object network OBJ-NET-VLAN40
subnet 10.10.40.0 255.255.255.0
object network OBJ-NET-VLAN45
subnet 10.10.45.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_26
subnet 192.168.100.0 255.255.255.192
object network OBJ-NET-HOST-10.10.20.105
host 10.10.20.105
object service OBJ-SRV-TCP-3389
service tcp source eq 3389
object service OBJ-SRV-TCP-5000_6000
service tcp source range 5000 6000
object network OBJ-NET-HOST-82.94.75.162
host 82.94.75.162
object network OBJ-NET-HOST-82.94.75.163
host 82.94.75.163
object network OBJ-NET-HOST-82.94.75.164
host 82.94.75.164
object network OBJ-NET-HOST-82.94.75.165
host 82.94.75.165
object network OBJ-NET-HOST-82.94.75.166
host 82.94.75.166
object network OBJ-NET-HOST-10.10.45.10
host 10.10.45.10
object network OBJ-NET-HOST-10.10.20.10
host 10.10.20.10
object network 10.10.60.2
host 10.10.60.2
object network VLAN997
host 8.8.4.4
description VLAN997
object-group network OBJ-GRP-NET-RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
access-list ACL-VLAN999-INBOUND remark *** Fritbox - Internet traffic ***
access-list ACL-VLAN999-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN999-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN999-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN999-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN999-INBOUND extended permit tcp 193.173.85.0 255.255.255.192 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN999-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND extended permit tcp any any range 5000 6000
access-list ACL-VLAN998-INBOUND remark *** Ziggo - Internet traffic ***
access-list ACL-VLAN998-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN998-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN998-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN998-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN998-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN998-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN998-INBOUND extended permit ip any any
access-list ACL-VLAN998-INBOUND extended permit tcp any host 10.10.20.10 eq 3389
access-list ACL-VLAN45-INBOUND remark *** RFC1918 ***
access-list ACL-VLAN45-INBOUND extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-VLAN45-INBOUND remark *** Internet traffic ***
access-list ACL-VLAN45-INBOUND extended permit ip any interface VLAN998
access-list ACL-RMAP-VLAN45 extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-RMAP-VLAN45 extended permit ip object OBJ-NET-VLAN45 any
access-list ACL-VPN-SPLIT standard permit 10.10.0.0 255.255.0.0
access-list ACL-PBR-ZIGGO2 extended permit ip 10.10.20.0 255.255.255.0 any
access-list VlAN997_access_in extended permit icmp interface VLAN45 interface VlAN997 echo-reply
access-list VLAN40_access_in remark *** Internet traffic Telfort ***
access-list VLAN40_access_in extended permit ip any interface VlAN997
pager lines 24
logging enable
logging asdm informational
mtu VLAN999 1500
mtu VLAN998 1500
mtu VLAN1 1500
mtu VLAN20 1500
mtu VLAN30 1500
mtu VLAN40 1500
mtu VLAN45 1500
mtu VlAN997 1500
mtu MNGT 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (VLAN1,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN30,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN40,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN45,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,VLAN998) source static OBJ-NET-HOST-10.10.20.10 interface service OBJ-SRV-TCP-3389 OBJ-SRV-TCP-3389
nat (VLAN45,VLAN999) source static OBJ-NET-HOST-10.10.45.10 OBJ-NET-HOST-82.94.75.165
nat (VLAN1,VLAN999) source dynamic any interface
nat (VLAN20,VLAN999) source dynamic any interface
nat (VLAN30,VLAN999) source dynamic any interface
nat (VLAN40,VLAN999) source dynamic any interface
nat (VLAN1,VLAN998) source dynamic any interface
nat (VLAN20,VLAN998) source dynamic any interface
nat (VLAN30,VLAN998) source dynamic any interface
nat (VLAN40,VLAN998) source dynamic any interface
nat (VLAN45,VLAN999) source dynamic any interface
nat (VLAN45,VLAN998) source dynamic any interface
nat (VlAN997,VLAN40) source static VLAN997 VLAN997
nat (VLAN998,VLAN45) source static any any
access-group ACL-VLAN999-INBOUND in interface VLAN999
access-group ACL-VLAN998-INBOUND in interface VLAN998
access-group VLAN40_access_in in interface VLAN40
access-group ACL-VLAN45-INBOUND in interface VLAN45
access-group VlAN997_access_in in interface VlAN997
!
route-map PBR-ZIGGO1 permit 10
match ip address ACL-VLAN998-INBOUND
match interface VLAN998
set ip next-hop 212.187.37.1
!
route-map PBR-ZIGGO2 permit 10
match ip address ACL-PBR-ZIGGO2
set ip next-hop 212.187.37.1
!
route-map RMAP-Gi1/3.45 permit 10
match ip address ACL-RMAP-VLAN45
set ip next-hop verify-availability 82.94.75.161 1 track 10
!
route-map PBR-Telfort permit 10
match ip address VlAN997_access_in
match interface VlAN997
set ip next-hop 212.187.37.1
!
route VLAN999 8.8.4.4 255.255.255.255 192.168.200.1 1
route VLAN998 8.8.8.8 255.255.255.255 192.168.199.1 1
route VlAN997 193.173.85.4 255.255.255.255 192.168.200.1 1
route VLAN999 193.173.85.5 255.255.255.255 192.168.200.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL auto-enable
http server enable
http 0.0.0.0 0.0.0.0 MNGT
http 0.0.0.0 0.0.0.0 VLAN20
http 0.0.0.0 0.0.0.0 VLAN999
no snmp-server location
no snmp-server contact
sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN998
timeout 300
threshold 15000
frequency 5
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 8.8.4.4 interface VLAN999
timeout 300
threshold 15000
frequency 5
sla monitor schedule 2 life forever start-time now
sla monitor 3
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN999
sla monitor schedule 3 life forever start-time now
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map VLAN20_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN20_map interface VLAN20
crypto map VLAN30_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN30_map interface VLAN30
crypto map VLAN40_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN40_map interface VLAN40
crypto map VLAN998_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN998_map interface VLAN998
crypto map VLAN45_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto ca trustpoint localtrust
enrollment self
fqdn sslvpn.4udomein.com
subject-name CN=sslvpn.4udomein.com
keypair sslvpnkey
crl configure
crypto ca trustpool policy
crypto ca certificate chain localtrust
certificate 6bd0bf58
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable VLAN998 client-services port 443
crypto ikev2 enable VLAN20 client-services port 443
crypto ikev2 remote-access trustpoint localtrust
crypto ikev1 enable VLAN20
crypto ikev1 enable VLAN30
crypto ikev1 enable VLAN40
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
!
track 10 rtr 1 reachability
!
track 11 rtr 3 reachability
!
track 20 rtr 2 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 193.173.85.0 255.255.255.192 VLAN999
ssh 193.173.85.0 255.255.255.192 VLAN998
ssh 0.0.0.0 0.0.0.0 VLAN20
ssh 0.0.0.0 0.0.0.0 MNGT
ssh timeout 15
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcp-client client-id interface VLAN999
dhcp-client client-id interface VLAN998
dhcpd address 10.10.50.200-10.10.50.250 VLAN1
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN1
dhcpd enable VLAN1
!
dhcpd address 10.10.20.200-10.10.20.250 VLAN20
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN20
dhcpd enable VLAN20
!
dhcpd address 10.10.30.200-10.10.30.250 VLAN30
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN30
dhcpd enable VLAN30
!
dhcpd address 10.10.40.200-10.10.40.250 VLAN40
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN40
dhcpd enable VLAN40
!
dhcpd address 10.10.45.200-10.10.45.250 VLAN45
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN45
dhcpd enable VLAN45
!
dhcpd address 10.10.100.200-10.10.100.250 MNGT
dhcpd dns 208.67.222.222 208.67.220.220 interface MNGT
dhcpd enable MNGT
!
ntp server 85.255.214.66 source VLAN999
ssl trust-point localtrust VLAN999
ssl trust-point localtrust VLAN998
ssl trust-point localtrust VLAN20
webvpn
enable VLAN999
enable VLAN998
enable VLAN20
anyconnect image disk0:/anyconnect-linux64-4.4.01054-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.4.01054-webdeploy-k9.pkg 2
anyconnect profiles 4uDomein_client_profile disk0:/4uDomein_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy SSLCLient internal
group-policy SSLCLient attributes
dns-server value 192.168.200.5
vpn-tunnel-protocol ssl-client
default-domain value mysite.com
address-pools value SSLClientPool
group-policy GroupPolicy_4uDomein internal
group-policy GroupPolicy_4uDomein attributes
wins-server none
dns-server value 10.10.20.100 10.10.20.101
vpn-tunnel-protocol ikev1 ikev2 ssl-client
password-storage disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-VPN-SPLIT
default-domain none
webvpn
anyconnect profiles value 4uDomein_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
username Dave password L4o29iC9zK9nTS7P encrypted privilege 15
username Dave attributes
service-type admin
username Davevpn password leb4YKzqGcsujPoJ encrypted privilege 15
username vlietd password Q101T2coMJVYHrL6 encrypted privilege 15
tunnel-group SSLClient type remote-access
tunnel-group SSLClient general-attributes
default-group-policy SSLCLient
tunnel-group SSLClient webvpn-attributes
group-alias MY_RA enable
tunnel-group 4uDomein type remote-access
tunnel-group 4uDomein general-attributes
address-pool SSLClientPool
default-group-policy GroupPolicy_4uDomein
tunnel-group 4uDomein webvpn-attributes
group-alias 4uDomein enable
tunnel-group 4uDomein ipsec-attributes
ikev1 trust-point localtrust
!
class-map inspection_default
match default-inspection-traffic
class-map CMAP-DEFAULT
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
policy-map PMAP-GLOBAL
class CMAP-DEFAULT
inspect http
inspect ftp
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
Cryptochecksum:2d3844e5552933eb811eb2e0798e1a5b
: end
asdm image disk0:/asdm-761.bin
no asdm history enable
06-24-2018 04:03 PM
You were talking about vlan 997, 998 and 999 as WAN interfaces, but in your config I don't see 997.
Also, you need to assign PBR on your inside interfaces and not on the outside ones. You've assigned PBR to vlan 998, which is a WAN interface if I understood your design correctly.
I'm not home right now and can't do a full config through my iPhone, but let me give you an example:
Let's assume your next hops (ISP router IPs) for your WAN interfaces are as below:
- vlan 997: 1.1.1.1
- vlan 998: 2.2.2.2
- vlan 999: 3.3.3.3
Let's say your vlan 30 10.10.30.0/24 needs to go through vlan 997 when reaching Google IP 8.8.8.8 and vlan 999 for all others. The config would be:
access-list test-google extended permit ip 10.10.30.0 255.255.255.0 host 8.8.8.8
!
route-map PBR-VL30 permit 10
match ip address test-google
set ip next-hop 1.1.1.1
route-map PBR-VL30 permit 20
set ip next-hop 3.3.3.3
!
interface GigabitEthernet1/3.30
policy-route route-map PBR-VL30
If you don't want to filter based on source and destination for PBR, you can use a standard ACL; the subnets/IPs you configure in a standard ACL will filter on destination only.
Hope this helps to understand how PBR works.
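The PBR evaluation described in the reply above, as a small Python model added here (not code from the thread or from Cisco) so the two placements of `policy-route` can be compared on sample packets. The ingress interface names, the sample hosts and the standard-ACL variant are my own assumptions.

```python
"""Toy model of ASA policy-based routing evaluation (added example, not from the thread).

Assumptions of the model (mine, not stated on the page): a route-map is consulted only
for packets entering the interface it is attached to with 'policy-route'; sequences
are tried in order; a sequence with no 'match ip address' matches everything; an ACL
deny or the implicit deny simply means 'this sequence does not match'; and a standard
ACL used for PBR checks the destination only, as the reply says. Next-hops 1.1.1.1,
2.2.2.2 and 3.3.3.3 are the placeholder ISP addresses from the reply.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional


@dataclass
class Ace:
    """One access-list entry. For a standard ACL, src is None (not checked)."""
    src: Optional[IPv4Network]
    dst: IPv4Network
    permit: bool = True

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return (self.src is None or src in self.src) and dst in self.dst


@dataclass
class Sequence:
    """One 'route-map NAME permit N' block."""
    match_acls: List[str]          # from 'match ip address'; empty list = match all
    next_hop: Optional[str]        # from 'set ip next-hop'


def acl_permits(acl: List[Ace], src: IPv4Address, dst: IPv4Address) -> bool:
    """First-match evaluation with the implicit deny at the end."""
    for ace in acl:
        if ace.matches(src, dst):
            return ace.permit
    return False


def pbr_next_hop(ingress: str, src: str, dst: str,
                 policy_routes: Dict[str, str],
                 route_maps: Dict[str, List[Sequence]],
                 acls: Dict[str, List[Ace]]) -> Optional[str]:
    """Next-hop chosen by PBR for a packet entering 'ingress', or None when no
    route-map applies there and the normal routing table decides instead."""
    rm_name = policy_routes.get(ingress)
    if rm_name is None:
        return None
    s, d = IPv4Address(src), IPv4Address(dst)
    for seq in route_maps[rm_name]:
        # Several ACLs on one 'match ip address' line are OR'ed on Cisco gear.
        if not seq.match_acls or any(acl_permits(acls[n], s, d) for n in seq.match_acls):
            return seq.next_hop
    return None


# The reply's example, transcribed into the model.
ACLS = {
    # access-list test-google extended permit ip 10.10.30.0 255.255.255.0 host 8.8.8.8
    "test-google": [Ace(IPv4Network("10.10.30.0/24"), IPv4Network("8.8.8.8/32"))],
    # Standard-ACL alternative (assumed): destination-only match, any source.
    "google-std": [Ace(None, IPv4Network("8.8.8.8/32"))],
}
ROUTE_MAPS = {
    "PBR-VL30": [
        Sequence(["test-google"], "1.1.1.1"),   # permit 10: Google via vlan 997
        Sequence([], "3.3.3.3"),                # permit 20: everything else via vlan 999
    ],
    "PBR-VL30-STD": [
        Sequence(["google-std"], "1.1.1.1"),
        Sequence([], "3.3.3.3"),
    ],
}
# Correct placement: policy-route on the inside sub-interface (nameif VLAN30 assumed).
INSIDE_PBR = {"VLAN30": "PBR-VL30"}
# The placement the reply objects to: route-map attached to the WAN interface only,
# so traffic entering from VLAN30 never consults it.
WAN_PBR = {"VLAN998": "PBR-VL30"}


def decide(policy: Dict[str, str], ingress: str, src: str, dst: str) -> Optional[str]:
    return pbr_next_hop(ingress, src, dst, policy, ROUTE_MAPS, ACLS)


if __name__ == "__main__":
    # Constructed sample flows: a VLAN30 host to Google DNS and elsewhere, and a
    # host from another subnet to Google.
    for policy, name in ((INSIDE_PBR, "inside"), (WAN_PBR, "wan")):
        for src, dst in (("10.10.30.50", "8.8.8.8"), ("10.10.30.50", "8.8.4.4"),
                         ("10.10.20.50", "8.8.8.8")):
            print(name, src, "->", dst, "=>", decide(policy, "VLAN30", src, dst))
```

A result of None means the packet falls through to the routing table, which in the configs posted in this thread is the default route learned on VLAN999.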
06-25-2018 12:12 AM
Hello again,
Yesterday I did some reading about this topic, and yes, you were right that you didn't see 997, because I set it back with a backup config.
All traffic still goes out on vlan999.
My trouble is a bit that I know enough, but on this topic just not enough, I think.
In the past there was a Cisco guru that did it, and it was click, click and 3 minutes later you had it done.
Pity he does not work here any more.
So I have to manage it by myself, and I think there is a lot on the ASA that is from the past and maybe that is in the way.
But I'm a bit scared to set it back to default to start clean.
There are always ghosts from yesterday's past that spook you then, you know what I mean.
My config now; I already did it like you said yesterday, but still all internet traffic from all VLANs goes through vlan999.
: Saved
:
: Serial Number: JAD2042014S
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.6(1)
!
hostname ASA5506
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd hVxRMGvjmxCeVxgf encrypted
names
ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
!
interface GigabitEthernet1/1
description *** Ziggo2 ***
mac-address aaaa.bbbb.cccc
nameif VLAN999
security-level 0
ip address dhcp setroute
ipv6 enable
!
interface GigabitEthernet1/2
description *** Ziggo1 ***
nameif VLAN998
security-level 75
ip address dhcp setroute
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3.1
description *** Management ***
vlan 1
nameif VLAN1
security-level 25
ip address 10.10.50.2 255.255.255.0
!
interface GigabitEthernet1/3.20
description *** Office ***
vlan 20
nameif VLAN20
security-level 0
ip address 10.10.20.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
ipv6 enable
!
interface GigabitEthernet1/3.30
description *** Wi-Fi ***
vlan 30
nameif VLAN30
security-level 0
ip address 10.10.30.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
!
interface GigabitEthernet1/3.40
description *** Printer ***
vlan 40
nameif VLAN40
security-level 50
ip address 10.10.40.2 255.255.255.0
policy-route route-map PBR-VLAN40
!
interface GigabitEthernet1/3.45
description *** Server ***
vlan 45
nameif VLAN45
security-level 75
ip address 10.10.45.2 255.255.255.0
policy-route route-map PBR-VLAN45
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
description ***Telfort***
nameif VlAN997
security-level 50
ip address 10.10.60.2 255.255.255.0
policy-route route-map PBR-TELFORT
!
interface Management1/1
description *** ASA Management ***
management-only
nameif MNGT
security-level 100
ip address 10.10.100.2 255.255.255.0
!
banner motd ************************************************************************
banner motd * Unauthorized access is prohibited *
banner motd ************************************************************************
banner motd * This system is to be used only by specifically authorized personnel. *
banner motd * Any unauthorized use of the system is unlawful, and may be subject *
banner motd * to civil and/or criminal penalties. *
banner motd * *
banner motd * Any use of the system may be logged or monitored without further *
banner motd * notice and resulting logs may be used as evidence in court. *
banner motd ************************************************************************
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-NET-VLAN1
subnet 10.10.50.0 255.255.255.0
object network OBJ-NET-VLAN20
subnet 10.10.20.0 255.255.255.0
object network OBJ-NET-VLAN30
subnet 10.10.30.0 255.255.255.0
object network OBJ-NET-VLAN40
subnet 10.10.40.0 255.255.255.0
object network OBJ-NET-VLAN45
subnet 10.10.45.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_26
subnet 192.168.100.0 255.255.255.192
object network OBJ-NET-HOST-10.10.20.105
host 10.10.20.105
object service OBJ-SRV-TCP-3389
service tcp source eq 3389
object service OBJ-SRV-TCP-5000_6000
service tcp source range 5000 6000
object network OBJ-NET-HOST-82.94.75.162
host 82.94.75.162
object network OBJ-NET-HOST-82.94.75.163
host 82.94.75.163
object network OBJ-NET-HOST-82.94.75.164
host 82.94.75.164
object network OBJ-NET-HOST-82.94.75.165
host 82.94.75.165
object network OBJ-NET-HOST-82.94.75.166
host 82.94.75.166
object network OBJ-NET-HOST-10.10.45.10
host 10.10.45.10
object network OBJ-NET-HOST-10.10.20.10
host 10.10.20.10
object network VLAN997
host 192.168.2.2
description VLAN997
object-group network OBJ-GRP-NET-RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
access-list ACL-VLAN999-INBOUND remark *** Fritbox - Internetverkeer ***
access-list ACL-VLAN999-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN999-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN999-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN999-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN999-INBOUND extended permit tcp 193.173.85.0 255.255.255.192 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN999-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND extended permit tcp any any range 5000 6000
access-list ACL-VLAN998-INBOUND remark *** Ziggo - Internetverkeer ***
access-list ACL-VLAN998-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN998-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN998-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN998-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN998-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN998-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN998-INBOUND extended permit ip any any
access-list ACL-VLAN998-INBOUND extended permit tcp any host 10.10.20.10 eq 3389
access-list ACL-VLAN45-INBOUND remark *** RFC1918 ***
access-list ACL-VLAN45-INBOUND extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-VLAN45-INBOUND remark *** Internetverkeer ***
access-list ACL-VLAN45-INBOUND extended permit ip any any
access-list ACL-RMAP-VLAN45 extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-RMAP-VLAN45 extended permit ip object OBJ-NET-VLAN45 any
access-list ACL-VPN-SPLIT standard permit 10.10.0.0 255.255.0.0
access-list ACL-PBR-ZIGGO2 extended permit ip 10.10.20.0 255.255.255.0 any
access-list ACL-PBR-TELFORT extended permit ip 10.10.40.0 255.255.255.0 any
access-list ACL-PBR-ZIGGO1 extended permit ip 10.10.45.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu VLAN999 1500
mtu VLAN998 1500
mtu VLAN1 1500
mtu VLAN20 1500
mtu VLAN30 1500
mtu VLAN40 1500
mtu VLAN45 1500
mtu VlAN997 1500
mtu MNGT 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (VLAN1,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN30,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN40,VlAN997) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN45,VLAN998) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,VLAN998) source static OBJ-NET-HOST-10.10.20.10 interface service OBJ-SRV-TCP-3389 OBJ-SRV-TCP-3389
nat (VLAN45,VLAN998) source static OBJ-NET-HOST-10.10.45.10 OBJ-NET-HOST-82.94.75.165
nat (VLAN1,VLAN999) source dynamic any interface
nat (VLAN20,VLAN999) source dynamic any interface
nat (VLAN30,VLAN999) source dynamic any interface
nat (VLAN40,VLAN999) source dynamic any interface
nat (VLAN1,VLAN998) source dynamic any interface
nat (VLAN20,VLAN998) source dynamic any interface
nat (VLAN30,VLAN998) source dynamic any interface
nat (VLAN40,VLAN998) source dynamic any interface
nat (VLAN45,VLAN999) source dynamic any interface
nat (VLAN45,VLAN998) source dynamic any interface
access-group ACL-VLAN999-INBOUND in interface VLAN999
access-group ACL-VLAN998-INBOUND in interface VLAN998
access-group ACL-VLAN45-INBOUND in interface VLAN45
!
route-map PBR-ZIGGO1 permit 10
match ip address ACL-PBR-ZIGGO1
set ip next-hop 212.187.37.1
!
route-map PBR-ZIGGO2 permit 10
match ip address ACL-PBR-ZIGGO2
set ip next-hop 212.187.37.1
!
route-map RMAP-Gi1/3.45 permit 10
match ip address ACL-RMAP-VLAN45
set ip next-hop verify-availability 82.94.75.161 1 track 10
!
route-map PBR-TELFORT permit 10
match ip address ACL-PBR-TELFORT
match interface VlAN997
set ip next-hop verify-availability 10.10.60.1 10 track 1
set ip next-hop 10.10.60.1
!
route-map PBR-VLAN45 permit 10
match interface VlAN997
!
route-map PBR-VLAN30 permit 10
match ip address ACL-PBR-ZIGGO1
match interface VLAN998
set ip next-hop 212.187.37.1
!
route-map PBR-VLAN40 permit 10
match ip address ACL-PBR-TELFORT
match interface VlAN997
set ip next-hop 10.10.60.1
!
route VLAN999 8.8.4.4 255.255.255.255 192.168.200.1 1
route VLAN998 8.8.8.8 255.255.255.255 192.168.199.1 1
route VlAN997 192.168.2.2 255.255.255.255 192.168.200.1 1
route VLAN998 193.173.85.0 255.255.255.192 192.168.200.1 1
route VLAN999 193.173.85.5 255.255.255.255 192.168.200.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL auto-enable
http server enable
http 0.0.0.0 0.0.0.0 MNGT
http 0.0.0.0 0.0.0.0 VLAN20
http 0.0.0.0 0.0.0.0 VLAN999
no snmp-server location
no snmp-server contact
sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN998
timeout 300
threshold 15000
frequency 5
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 8.8.4.4 interface VLAN999
timeout 300
threshold 15000
frequency 5
sla monitor schedule 2 life forever start-time now
sla monitor 3
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN999
sla monitor schedule 3 life forever start-time now
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map VLAN20_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN20_map interface VLAN20
crypto map VLAN30_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN30_map interface VLAN30
crypto map VLAN40_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN40_map interface VLAN40
crypto map VLAN998_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN998_map interface VLAN998
crypto map VLAN45_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto ca trustpoint localtrust
enrollment self
fqdn sslvpn.4udomein.com
subject-name CN=sslvpn.4udomein.com
keypair sslvpnkey
crl configure
crypto ca trustpool policy
crypto ca certificate chain localtrust
certificate 6bd0bf58
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable VLAN998 client-services port 443
crypto ikev2 enable VLAN20 client-services port 443
crypto ikev2 remote-access trustpoint localtrust
crypto ikev1 enable VLAN20
crypto ikev1 enable VLAN30
crypto ikev1 enable VLAN40
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
!
track 10 rtr 1 reachability
!
track 11 rtr 3 reachability
!
track 20 rtr 2 reachability
telnet 0.0.0.0 0.0.0.0 VlAN997
telnet timeout 5
ssh stricthostkeycheck
ssh 193.173.85.0 255.255.255.192 VLAN999
ssh 193.173.85.0 255.255.255.192 VLAN998
ssh 0.0.0.0 0.0.0.0 VLAN20
ssh 0.0.0.0 0.0.0.0 MNGT
ssh timeout 15
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcp-client client-id interface VLAN999
dhcp-client client-id interface VLAN998
dhcpd address 10.10.50.200-10.10.50.250 VLAN1
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN1
dhcpd enable VLAN1
!
dhcpd address 10.10.20.200-10.10.20.250 VLAN20
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN20
dhcpd enable VLAN20
!
dhcpd address 10.10.30.200-10.10.30.250 VLAN30
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN30
dhcpd enable VLAN30
!
dhcpd address 10.10.40.200-10.10.40.250 VLAN40
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN40
dhcpd enable VLAN40
!
dhcpd address 10.10.45.200-10.10.45.250 VLAN45
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN45
dhcpd enable VLAN45
!
dhcpd address 10.10.100.200-10.10.100.250 MNGT
dhcpd dns 208.67.222.222 208.67.220.220 interface MNGT
dhcpd enable MNGT
!
ntp server 85.255.214.66 source VLAN999
ssl trust-point localtrust VLAN999
ssl trust-point localtrust VLAN998
ssl trust-point localtrust VLAN20
webvpn
enable VLAN999
enable VLAN998
enable VLAN20
anyconnect image disk0:/anyconnect-linux64-4.4.01054-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.4.01054-webdeploy-k9.pkg 2
anyconnect profiles 4uDomein_client_profile disk0:/4uDomein_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy SSLCLient internal
group-policy SSLCLient attributes
dns-server value 192.168.200.5
vpn-tunnel-protocol ssl-client
default-domain value mysite.com
address-pools value SSLClientPool
group-policy GroupPolicy_4uDomein internal
group-policy GroupPolicy_4uDomein attributes
wins-server none
dns-server value 10.10.20.100 10.10.20.101
vpn-tunnel-protocol ikev1 ikev2 ssl-client
password-storage disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-VPN-SPLIT
default-domain none
webvpn
anyconnect profiles value 4uDomein_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
username Dave password L4o29iC9zK9nTS7P encrypted privilege 15
username Dave attributes
service-type admin
username Davevpn password leb4YKzqGcsujPoJ encrypted privilege 15
username vlietd password Q101T2coMJVYHrL6 encrypted privilege 15
tunnel-group SSLClient type remote-access
tunnel-group SSLClient general-attributes
default-group-policy SSLCLient
tunnel-group SSLClient webvpn-attributes
group-alias MY_RA enable
tunnel-group 4uDomein type remote-access
tunnel-group 4uDomein general-attributes
address-pool SSLClientPool
default-group-policy GroupPolicy_4uDomein
tunnel-group 4uDomein webvpn-attributes
group-alias 4uDomein enable
tunnel-group 4uDomein ipsec-attributes
ikev1 trust-point localtrust
!
class-map inspection_default
match default-inspection-traffic
class-map CMAP-DEFAULT
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
policy-map PMAP-GLOBAL
class CMAP-DEFAULT
inspect http
inspect ftp
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
Cryptochecksum:a44412b46def762054929adcc0c1fb54
: end
asdm image disk0:/asdm-761.bin
no asdm history enable
06-25-2018 04:11 AM
Thank you
VLAN45 is now going out on VLAN998, and if I test it with "what is my IP" I get 62.194.166.32, so that is working fine.
But VLAN40, which needs to be on VLAN997, is not working with the same setup I did for VLAN45.
My config at this moment is:
That line is not in bridge mode and gets its IP from an ADSL router. The line is up and working fine.
: Saved
:
: Serial Number: JAD2042014S
: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores)
:
ASA Version 9.6(1)
!
hostname ASA5506
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd hVxRMGvjmxCeVxgf encrypted
names
ip local pool SSLClientPool 192.168.100.1-192.168.100.50 mask 255.255.255.0
!
interface GigabitEthernet1/1
description *** Ziggo2 ***
mac-address aaaa.bbbb.cccc
nameif VLAN999
security-level 0
ip address dhcp setroute
ipv6 enable
!
interface GigabitEthernet1/2
description *** Ziggo1 ***
nameif VLAN998
security-level 75
ip address dhcp setroute
!
interface GigabitEthernet1/3
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/3.1
description *** Management ***
vlan 1
nameif VLAN1
security-level 25
ip address 10.10.50.2 255.255.255.0
!
interface GigabitEthernet1/3.20
description *** Office ***
vlan 20
nameif VLAN20
security-level 0
ip address 10.10.20.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
ipv6 enable
!
interface GigabitEthernet1/3.30
description *** Wi-Fi ***
vlan 30
nameif VLAN30
security-level 0
ip address 10.10.30.2 255.255.255.0
policy-route route-map PBR-ZIGGO2
!
interface GigabitEthernet1/3.40
description *** Printer ***
vlan 40
nameif VLAN40
security-level 50
ip address 10.10.40.2 255.255.255.0
policy-route route-map PBR-VLAN40
!
interface GigabitEthernet1/3.45
description *** Server ***
vlan 45
nameif VLAN45
security-level 75
ip address 10.10.45.2 255.255.255.0
policy-route route-map PBR-VLAN45
!
interface GigabitEthernet1/4
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/5
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/6
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/7
shutdown
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/8
description ***Telfort***
nameif VlAN997
security-level 50
ip address 10.10.60.2 255.255.255.0
policy-route route-map PBR-TELFORT
!
interface Management1/1
description *** ASA Management ***
management-only
nameif MNGT
security-level 100
ip address 10.10.100.2 255.255.255.0
!
banner motd ************************************************************************
banner motd * Unauthorized access is prohibited *
banner motd ************************************************************************
banner motd * This system is to be used only by specifically authorized personnel. *
banner motd * Any unauthorized use of the system is unlawful, and may be subject *
banner motd * to civil and/or criminal penalties. *
banner motd * *
banner motd * Any use of the system may be logged or monitored without further *
banner motd * notice and resulting logs may be used as evidence in court. *
banner motd ************************************************************************
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network OBJ-NET-VLAN1
subnet 10.10.50.0 255.255.255.0
object network OBJ-NET-VLAN20
subnet 10.10.20.0 255.255.255.0
object network OBJ-NET-VLAN30
subnet 10.10.30.0 255.255.255.0
object network OBJ-NET-VLAN40
subnet 10.10.40.0 255.255.255.0
object network OBJ-NET-VLAN45
subnet 10.10.45.0 255.255.255.0
object network NETWORK_OBJ_192.168.100.0_26
subnet 192.168.100.0 255.255.255.192
object network OBJ-NET-HOST-10.10.20.105
host 10.10.20.105
object service OBJ-SRV-TCP-3389
service tcp source eq 3389
object service OBJ-SRV-TCP-5000_6000
service tcp source range 5000 6000
object network OBJ-NET-HOST-82.94.75.162
host 82.94.75.162
object network OBJ-NET-HOST-82.94.75.163
host 82.94.75.163
object network OBJ-NET-HOST-82.94.75.164
host 82.94.75.164
object network OBJ-NET-HOST-82.94.75.165
host 82.94.75.165
object network OBJ-NET-HOST-82.94.75.166
host 82.94.75.166
object network OBJ-NET-HOST-10.10.45.10
host 10.10.45.10
object network OBJ-NET-HOST-10.10.20.10
host 10.10.20.10
object network VLAN997
host 192.168.2.2
description VLAN997
object network VLAN45
host 10.10.45.2
description VLAN45
object network VLAN40
host 10.10.40.2
description VLAN40
object-group network OBJ-GRP-NET-RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
access-list ACL-VLAN999-INBOUND remark *** Fritbox - Internetverkeer ***
access-list ACL-VLAN999-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN999-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN999-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN999-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN999-INBOUND extended permit tcp 193.173.85.0 255.255.255.192 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN999-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN999-INBOUND extended permit tcp any any range 5000 6000
access-list ACL-VLAN998-INBOUND remark *** Ziggo - Internetverkeer ***
access-list ACL-VLAN998-INBOUND extended permit icmp any any echo-reply
access-list ACL-VLAN998-INBOUND extended permit icmp any any unreachable
access-list ACL-VLAN998-INBOUND extended permit icmp any any time-exceeded
access-list ACL-VLAN998-INBOUND extended permit icmp any any source-quench
access-list ACL-VLAN998-INBOUND remark Trans_ip Rdp
access-list ACL-VLAN998-INBOUND extended permit tcp host 37.97.201.18 object OBJ-NET-HOST-10.10.45.10 eq 3389
access-list ACL-VLAN998-INBOUND extended permit ip any any
access-list ACL-VLAN998-INBOUND extended permit tcp any host 10.10.20.10 eq 3389
access-list ACL-VLAN45-INBOUND remark *** RFC1918 ***
access-list ACL-VLAN45-INBOUND extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-VLAN45-INBOUND remark *** Internetverkeer ***
access-list ACL-VLAN45-INBOUND extended permit ip any any
access-list ACL-RMAP-VLAN45 extended deny ip object OBJ-NET-VLAN45 object-group OBJ-GRP-NET-RFC1918
access-list ACL-RMAP-VLAN45 extended permit ip object OBJ-NET-VLAN45 any
access-list ACL-VPN-SPLIT standard permit 10.10.0.0 255.255.0.0
access-list ACL-PBR-ZIGGO2 extended permit ip 10.10.20.0 255.255.255.0 any
access-list ACL-PBR-TELFORT extended permit ip 10.10.40.0 255.255.255.0 any
access-list ACL-PBR-ZIGGO1 extended permit ip 10.10.45.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu VLAN999 1500
mtu VLAN998 1500
mtu VLAN1 1500
mtu VLAN20 1500
mtu VLAN30 1500
mtu VLAN40 1500
mtu VLAN45 1500
mtu VlAN997 1500
mtu MNGT 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-761.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (VLAN1,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN30,any) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN40,VlAN997) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN45,VLAN998) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN20,VLAN998) source static OBJ-NET-HOST-10.10.20.10 interface service OBJ-SRV-TCP-3389 OBJ-SRV-TCP-3389
nat (VLAN45,VLAN998) source static OBJ-NET-HOST-10.10.45.10 OBJ-NET-HOST-82.94.75.165
nat (VLAN1,VLAN999) source dynamic any interface
nat (VLAN20,VLAN999) source dynamic any interface
nat (VLAN30,VLAN999) source dynamic any interface
nat (VLAN40,VLAN999) source dynamic any interface
nat (VLAN1,VLAN998) source dynamic any interface
nat (VLAN20,VLAN998) source dynamic any interface
nat (VLAN30,VLAN998) source dynamic any interface
nat (VLAN40,VLAN998) source dynamic any interface
nat (VLAN45,VLAN999) source dynamic any interface
nat (VLAN45,VLAN998) source dynamic any interface
!
object network VLAN45
nat (any,VLAN998) static interface
object network VLAN40
nat (any,VlAN997) static interface
access-group ACL-VLAN999-INBOUND in interface VLAN999
access-group ACL-VLAN998-INBOUND in interface VLAN998
access-group ACL-VLAN45-INBOUND in interface VLAN45
!
route-map PBR-ZIGGO1 permit 10
match ip address ACL-PBR-ZIGGO1
set ip next-hop 212.187.37.1
!
route-map PBR-ZIGGO2 permit 10
match ip address ACL-PBR-ZIGGO2
set ip next-hop 212.187.37.1
!
route-map RMAP-Gi1/3.45 permit 10
match ip address ACL-RMAP-VLAN45
set ip next-hop verify-availability 82.94.75.161 1 track 10
!
route-map PBR-TELFORT permit 10
match ip address ACL-PBR-TELFORT
match interface VlAN997
set ip next-hop verify-availability 10.10.60.1 10 track 1
set ip next-hop 10.10.60.1
!
route-map PBR-VLAN45 permit 10
match interface VlAN997
!
route-map PBR-VLAN30 permit 10
match ip address ACL-PBR-ZIGGO1
match interface VLAN998
set ip next-hop 212.187.37.1
!
route-map PBR-VLAN40 permit 10
match ip address ACL-PBR-TELFORT
match interface VlAN997
set ip next-hop 10.10.60.1
!
route VLAN999 8.8.4.4 255.255.255.255 192.168.200.1 1
route VLAN998 8.8.8.8 255.255.255.255 192.168.199.1 1
route VlAN997 192.168.2.2 255.255.255.255 192.168.200.1 1
route VLAN998 193.173.85.0 255.255.255.192 192.168.200.1 1
route VLAN999 193.173.85.5 255.255.255.255 192.168.200.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication enable console LOCAL
aaa authorization exec LOCAL auto-enable
http server enable
http 0.0.0.0 0.0.0.0 MNGT
http 0.0.0.0 0.0.0.0 VLAN20
http 0.0.0.0 0.0.0.0 VLAN999
no snmp-server location
no snmp-server contact
sla monitor 1
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN998
timeout 300
threshold 15000
frequency 5
sla monitor schedule 1 life forever start-time now
sla monitor 2
type echo protocol ipIcmpEcho 8.8.4.4 interface VLAN999
timeout 300
threshold 15000
frequency 5
sla monitor schedule 2 life forever start-time now
sla monitor 3
type echo protocol ipIcmpEcho 8.8.8.8 interface VLAN999
sla monitor schedule 3 life forever start-time now
service sw-reset-button
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map VLAN20_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN20_map interface VLAN20
crypto map VLAN30_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN30_map interface VLAN30
crypto map VLAN40_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN40_map interface VLAN40
crypto map VLAN998_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map VLAN998_map interface VLAN998
crypto map VLAN45_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto ca trustpoint localtrust
enrollment self
fqdn sslvpn.4udomein.com
subject-name CN=sslvpn.4udomein.com
keypair sslvpnkey
crl configure
crypto ca trustpool policy
crypto ca certificate chain localtrust
certificate 6bd0bf58
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable VLAN998 client-services port 443
crypto ikev2 enable VLAN20 client-services port 443
crypto ikev2 remote-access trustpoint localtrust
crypto ikev1 enable VLAN20
crypto ikev1 enable VLAN30
crypto ikev1 enable VLAN40
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
!
track 10 rtr 1 reachability
!
track 11 rtr 3 reachability
!
track 20 rtr 2 reachability
telnet 0.0.0.0 0.0.0.0 VlAN997
telnet timeout 5
ssh stricthostkeycheck
ssh 193.173.85.0 255.255.255.192 VLAN999
ssh 193.173.85.0 255.255.255.192 VLAN998
ssh 0.0.0.0 0.0.0.0 VLAN20
ssh 0.0.0.0 0.0.0.0 MNGT
ssh timeout 15
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcp-client client-id interface VLAN999
dhcp-client client-id interface VLAN998
dhcpd address 10.10.50.200-10.10.50.250 VLAN1
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN1
dhcpd enable VLAN1
!
dhcpd address 10.10.20.200-10.10.20.250 VLAN20
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN20
dhcpd enable VLAN20
!
dhcpd address 10.10.30.200-10.10.30.250 VLAN30
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN30
dhcpd enable VLAN30
!
dhcpd address 10.10.40.200-10.10.40.250 VLAN40
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN40
dhcpd enable VLAN40
!
dhcpd address 10.10.45.200-10.10.45.250 VLAN45
dhcpd dns 208.67.222.222 208.67.220.220 interface VLAN45
dhcpd enable VLAN45
!
dhcpd address 10.10.100.200-10.10.100.250 MNGT
dhcpd dns 208.67.222.222 208.67.220.220 interface MNGT
dhcpd enable MNGT
!
ntp server 85.255.214.66 source VLAN999
ssl trust-point localtrust VLAN999
ssl trust-point localtrust VLAN998
ssl trust-point localtrust VLAN20
webvpn
enable VLAN999
enable VLAN998
enable VLAN20
anyconnect image disk0:/anyconnect-linux64-4.4.01054-webdeploy-k9.pkg 1
anyconnect image disk0:/anyconnect-win-4.4.01054-webdeploy-k9.pkg 2
anyconnect profiles 4uDomein_client_profile disk0:/4uDomein_client_profile.xml
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy SSLCLient internal
group-policy SSLCLient attributes
dns-server value 192.168.200.5
vpn-tunnel-protocol ssl-client
default-domain value mysite.com
address-pools value SSLClientPool
group-policy GroupPolicy_4uDomein internal
group-policy GroupPolicy_4uDomein attributes
wins-server none
dns-server value 10.10.20.100 10.10.20.101
vpn-tunnel-protocol ikev1 ikev2 ssl-client
password-storage disable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-VPN-SPLIT
default-domain none
webvpn
anyconnect profiles value 4uDomein_client_profile type user
dynamic-access-policy-record DfltAccessPolicy
username Dave password L4o29iC9zK9nTS7P encrypted privilege 15
username Dave attributes
service-type admin
username Davevpn password leb4YKzqGcsujPoJ encrypted privilege 15
username vlietd password Q101T2coMJVYHrL6 encrypted privilege 15
tunnel-group SSLClient type remote-access
tunnel-group SSLClient general-attributes
default-group-policy SSLCLient
tunnel-group SSLClient webvpn-attributes
group-alias MY_RA enable
tunnel-group 4uDomein type remote-access
tunnel-group 4uDomein general-attributes
address-pool SSLClientPool
default-group-policy GroupPolicy_4uDomein
tunnel-group 4uDomein webvpn-attributes
group-alias 4uDomein enable
tunnel-group 4uDomein ipsec-attributes
ikev1 trust-point localtrust
!
class-map inspection_default
match default-inspection-traffic
class-map CMAP-DEFAULT
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
policy-map PMAP-GLOBAL
class CMAP-DEFAULT
inspect http
inspect ftp
inspect icmp
class class-default
user-statistics accounting
!
service-policy global_policy global
prompt hostname context
!
jumbo-frame reservation
!
no call-home reporting anonymous
Cryptochecksum:10d935385328b1cb4a531de89bc10a61
: end
asdm image disk0:/asdm-761.bin
no asdm history enable
06-25-2018 12:43 PM
Thanks to you both for the help. I removed an old NAT config where VLAN40 was in with its own public IP for internet printing and smartphones,
and now it is on the right IP 212.182.132.89.
So happy now.
Great job
06-25-2018 12:50 PM
Which NAT did you remove? Good that everything works now.
06-25-2018 01:06 PM
If you look at the old config there is a line with ***fritzbox internet*** and an access rule sip wlan40 with an IP that was 89.xxx.xxx.xxx.
Yes, so good that it works; I saw myself setting it back to default on my holiday already.
Many thanks
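The fix in this thread came down to an old NAT rule for VLAN40 that no longer matched where its route-map sent the traffic. As an added example, not from the thread or from Cisco, here is a small Python audit that parses an ASA running-config in the format pasted above and lists, per PBR-enabled interface, the interface its route-map's `match interface` names beside every egress its NAT rules translate toward, so a leftover like that stands out before lines get pulled. SAMPLE_CONFIG is a constructed excerpt modelled on the posted config; the parser assumes the `!`-separated blocks and relies on the `source` keyword to tell twice NAT from object NAT.

```python
import re
from collections import defaultdict
# Constructed excerpt modelled on the config posted in this thread (not the full config).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/3.40
 nameif VLAN40
 policy-route route-map PBR-VLAN40
!
interface GigabitEthernet1/8
 nameif VlAN997
!
object network VLAN40
 nat (any,VlAN997) static interface
nat (VLAN40,VlAN997) source static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 destination static OBJ-GRP-NET-RFC1918 OBJ-GRP-NET-RFC1918 no-proxy-arp route-lookup
nat (VLAN40,VLAN999) source dynamic any interface
nat (VLAN40,VLAN998) source dynamic any interface
route-map PBR-VLAN40 permit 10
 match interface VlAN997
 set ip next-hop 10.10.60.1
"""

NAT_RE = re.compile(r"^nat \((\S+?),(\S+?)\)")

def parse_config(text):
    """Return (interfaces, route_maps, nat_rules). nat_rules maps a source nameif, or
    "object:<name>" for object NAT, to the egress nameifs it translates toward."""
    interfaces, route_maps, nat_rules = {}, {}, defaultdict(list)
    cur = None  # the interface / route-map / object block currently being parsed
    for raw in text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0] == "!":
            cur = None
        elif tokens[0] == "interface":
            cur = {"kind": "interface", "pbr": None}
        elif tokens[0] == "route-map":
            cur = route_maps.setdefault(tokens[1], {"kind": "route-map", "match_if": None})
        elif tokens[:2] == ["object", "network"]:
            cur = {"kind": "object", "name": tokens[2]}
        elif (m := NAT_RE.match(raw.strip())):
            if "source" in tokens[2:4]:  # twice NAT names its own source interface
                nat_rules[m.group(1)].append(m.group(2))
            elif cur and cur["kind"] == "object":  # object NAT belongs to the enclosing object
                nat_rules["object:" + cur["name"]].append(m.group(2))
        elif cur and cur["kind"] == "interface":
            if tokens[0] == "nameif":
                interfaces[tokens[1]] = cur
            elif tokens[:2] == ["policy-route", "route-map"]:
                cur["pbr"] = tokens[2]
        elif cur and cur["kind"] == "route-map" and tokens[:2] == ["match", "interface"]:
            cur["match_if"] = tokens[2]
    return interfaces, route_maps, nat_rules

def nat_vs_pbr_report(interfaces, route_maps, nat_rules):
    """Per PBR-enabled interface: the egress its route-map names vs. the egresses its NAT rules use."""
    report = {}
    for nameif, iface in interfaces.items():
        if iface["pbr"] is None:
            continue
        match_if = route_maps.get(iface["pbr"], {}).get("match_if")
        egress = set(nat_rules.get(nameif, []))
        report[nameif] = {
            "route_map": iface["pbr"],
            "pbr_interface": match_if,
            "nat_egress": sorted(egress),
            "nat_egress_not_in_pbr": sorted(egress - {match_if}),
        }
    return report

if __name__ == "__main__":
    ifaces, rmaps, nats = parse_config(SAMPLE_CONFIG)
    for nameif, row in nat_vs_pbr_report(ifaces, rmaps, nats).items():
        print(nameif, row)
    print({src: egress for src, egress in nats.items() if src.startswith("object:")})
```

Feed it the output of `show running-config` instead of SAMPLE_CONFIG; any entry under `nat_egress_not_in_pbr`, and any `object:` NAT on an inside host, is a rule to account for before changing the PBR.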