To add to this, if you want to terminate the VLANs on the switch, you can create SVIs (switched virtual interfaces), give them an IP, and they will work similarly to a sub-interface. Make the port channel a trunk, create the SVIs, and you basically have...
I'd probably try to fix this with DNS instead. Just have the profile point to a DNS name, e.g. vpn.mycompany.com. When they're internal, have the A record point to the DMZ interface address; when they're external, have it resolve to the outside interface...
You should be able to find what you need here: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/customize-localize-anyconnect.html
Sounds good. Also, I know the error you're receiving from PRTG. I've experienced it when it tries an HTTPS sensor and the ASA's SSL settings were on lower, weaker ciphers.