Hi,
The configurations you have for VPN Clients is basicly the way to do NAT Exempt for all remote networks behind a VPN connection whether its a VPN Client pool EasyVPN Client or L2L VPN.
The basic format is
object network LOCAL-LAN
subnet 10.10.10.0 255.255.255.0
object network REMOTE-LAN
subnet 10.10.100.0 255.255.255.0
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN
or incase you have several networks at local and remote sites then you could use
object-group network LOCAL-LAN
network-object 10.10.10.0 255.255.255.0
network-object 10.10.20.0 255.255.255.0
object-group network REMOTE-LAN
network-object 10.10.100.0 255.255.255.0
network-object 10.10.200.0 255.255.255.0
nat (inside,outside) source static LOCAL-LAN LOCAL-LAN destination static REMOTE-LAN REMOTE-LAN
The configuration you have currently
nat (inside,outside) source dynamic DYNAMIC-INSIDE interface destination static REMOTE-NETWORKS REMOTE-NETWORKS
NATs the IP addresses inside DYNAMIC-INSIDE to the "outside" interface IP address because of the parameter "interface"
So basicly you should remove this configuration and replace it with for example the ones I mentioned. Naturally name then as you see fit and use the networks that apply to your situation.
Hopefully this helps
Remember to mark the question as answered if it did and/or rate helpfull answers.
Naturally ask more if needed
- Jouni