I assume it's the 3rd NAT rule?...which appears to have been hit. Do they have a local firewall turned on?...which is blocking traffic?? Do you have split tunnel configured?....if yes you will need to tunnel the VPN Pool network. ... View more

Hi, Yes, you will need to include that IP address in the split-tunnel ACL. Also you will probably need to create a NAT rule for the VPN Pool, e.g:-   object network VPN_POOL subnet 192.168.10.0 255.255.255.0 nat (outside,outside) dynamic interface ...and permit traffic sourced from the outside interface to be routed back out the outside interface. same-security-traffic permit intra-interface HTH ... View more

You crypto-map is referencing ACL - "access-list Outside_cryptomap_5 extended permit ip 10.192.8.0 255.255.255.0 object All_CompanyB_Networks" - which doesn't include your RAVPN Pool network as source. You'll need to include that Also check your split-tunnel and include the remote networks. ... View more

Hi, No you don't necessarily need to have a dedicated VPN concentrator, large organsiations do for separation of roles rather than have one device do everything, this helps reduce complexity.   You can purchase the Cisco Firepower 1000 series firewalls, datasheet here. The FP1010 model support maximum 75 VPN peers, the 1020 model supports 150 VPN peers and the 1040 supports up to 400 VPN peers. You should purchase based on your maximum connections, so you might need to purchase the 1040   To assign a static IP address to users if you use LDAP to authenticate you can follow this guide, or alternatively if you use RADIUS follow this guide.   HTH ... View more