Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
To add to this, if you want to terminate the vlans on the switch, you can create SVIs (switched virtual interfaces), give them an ip, and they will work similar to a sub-interface.Make the port channel a trunk, create the SVIs, and you basically have...
I'd probably try to fix this with DNS instead. Just have the profile point to a dns name ex: vpn.mycompany.com. When they're internal have the A record point to the dmz interface address, when they're external have it resolve to the outside interface...
You should be able to find what you need here: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/customize-localize-anyconnect.html
Sounds good. Also I know the error you're receiving from prtg. I've experienced it when it tries a https sensor, and the ASA's ssl settings were on lower, weaker ciphers.
