Anyconnect configuration Cisco 1010

saids3 (Level 1)

Hello 

I don't have the option of selecting inside the interface to enable the exempt option for anyconnect!!  

Should I disable it? 

Do I need any specific NAT or ACL to enable anyconnect? 


@saids3 yes you will likely need a NAT exemption rule, otherwise traffic would be unintentionally translated behind the outside interface.

What is the configuration of your interfaces?

Are you actually using a BVI?

If you have VLANs configured, you specify the VLAN in the NAT rule not the physical interface.

Yes I'm using BVI

Here is my VPN-NAT ----

 

@saids3 almost looks ok, just change the source address under both original packet and translated packet to an object representing the network behind inside_2 interface (rather than using any) - then you have a NAT exemption rule between the inside network and the VPN pool. You will need to duplicate the NAT rule for the other BVI interfaces (inside_3, inside_4 etc).

@Rob Ingram Hello - I have placed the NAT on the top -- it's working fine but now the issue is the second NAT OVPN_DSM stopped working!!

 

@saids3 you need to be more specific in your NAT rules. Don't use "any" for interface or the networks, use the specific interface and a network object - otherwise you will have unintended NAT translations.

Still same issue - please see the nat setting the first nat is working second not and if I swap the first always works. My network is based on BVI ---

@saids3 I thought the objective was to exempt VPN traffic? You need to specify the original and translated source address as the same network object and the original and translated destination the same network object. This ensures VPN traffic is not unintentionally translated.

Example:

[Image: nat exemption.png]
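An added configuration example, not part of this thread and not Cisco's own documentation, showing the NAT exemption Rob Ingram describes in ASA/FTD CLI terms (what FMC/FDM generate under the hood), with an over-broad "any" rule beside it for contrast. The interface names inside_2 and outside, the object names and the subnets are assumptions.

```cisco
! --- Objects (assumed values) ---
object network INSIDE_2_NET
 subnet 192.168.2.0 255.255.255.0
object network VPN_POOL
 subnet 10.10.10.0 255.255.255.0

! --- Weak: "any" everywhere ---
! Matches every packet from every interface, so it is evaluated before
! and shadows later rules such as a second VPN NAT (the OVPN_DSM symptom),
! and it exempts far more than the VPN traffic it was meant to cover.
nat (any,any) source static any any destination static VPN_POOL VPN_POOL

! --- Corrected: identity NAT scoped to one inside network and the VPN pool ---
! Original and translated source are the SAME object, original and translated
! destination are the SAME object, so matching traffic is left untranslated.
! no-proxy-arp and route-lookup keep the exemption from hijacking ARP/routing.
nat (inside_2,outside) source static INSIDE_2_NET INSIDE_2_NET destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! Repeat once per BVI member interface (inside_3, inside_4 ...) with its own object.

! --- Checks (assumed addresses) ---
! Confirm ordering: exemption must sit above any dynamic PAT to outside.
show nat
! Confirm a packet from the inside host to a VPN client hits the exemption
! (the NAT phase should show the untranslated identity rule, not the PAT).
packet-tracer input inside_2 icmp 192.168.2.10 8 0 10.10.10.5
```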

Sorry! but still not working! The good thing is nat number#2 still working! 

@saids3 what is the relevance of the anyconnect connection failure in your screenshot?

Rule#1 would work for traffic from VLAN1 sourced from inside_8 to the VPN-POOL, for any user connected to the VPN. It would have no relevance to establishing a VPN if that's what you mean?

hello @Rob Ingram 

any suggestion I need to VPN my network from outside - 

I tried this but still failed!!
