Config is as follow
interface Ethernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.10.2 255.255.255.252
dns server-group DefaultDNS
name-server 80.227.2.2
name-server 80.227.2.3
object-group network Dubai-Subnets
description Dubai subnets to be accessed via VPN
network-object 192.168.20.0 255.255.255.0
network-object 192.168.50.0 255.255.255.0
network-object 192.168.10.0 255.255.255.0
object-group network Q8-LAN
description Kuwait Subnet to be accessed via VPN
network-object 172.16.16.0 255.255.255.0
network-object 192.168.110.0 255.255.255.0
network-object 192.168.120.0 255.255.255.0
access-list NoNAT extended permit ip object-group Dubai-Subnets object-group Q8-LAN
access-list NoNAT extended permit ip any 192.168.150.0 255.255.255.240
access-list VPN-2-q8 extended permit ip object-group Dubai-Subnets object-group Q8-LAN
access-list Outside_access_in extended permit icmp any any
access-list AdminGrp_splitTunnelAcl standard permit any
access-list AdminGrp_splitTunnelAcl_1 standard permit any
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool RVPNPool 192.168.150.1-192.168.150.14 mask 255.255.255.240
global (outside) 1 interface
nat (inside) 0 access-list NoNAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-group Outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 91.74.105.161 1
route inside 192.168.20.0 255.255.255.0 192.168.10.1 1
route inside 192.168.30.0 255.255.255.0 192.168.10.1 1
route inside 192.168.40.0 255.255.255.0 192.168.10.1 1
route inside 192.168.50.0 255.255.255.0 192.168.10.1 1
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address VPN-2-q8
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer y.y.y.y
crypto map outside_map 1 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
management-access inside
group-policy AdminGrp internal
group-policy AdminGrp attributes
dns-server value 192.168.20.111
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value AdminGrp_splitTunnelAcl_1
username rami password xxx encrypted privilege 0
username rami attributes
vpn-group-policy AdminGrp
username admin password xxx encrypted privilege 15
tunnel-group AdminGrp type remote-access
tunnel-group AdminGrp general-attributes
address-pool RVPNPool
default-group-policy AdminGrp
tunnel-group AdminGrp ipsec-attributes
pre-shared-key *
