ASA8.4 anyconnect 3.1 but can not split

hailin huang
Level 1

Hi,

1. Description

NAT is not on the ASA; it is in front of the ASA.

2. Question: my Remote Access VPN cannot ping the inside servers (10.0.0.0/16, 10.10.0.0/16, 10.11.0.0/16, 10.12.0.0/16, 172.16.0.0/16).

My VPN pool is 10.0.128.1-10.0.135.254 mask 255.255.248.0.

ASA Version 8.4(5)
!

interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 10.0.0.164 255.255.255.248
!
interface GigabitEthernet0/1
nameif outside
security-level 50
ip address 10.0.0.169 255.255.255.248
!

!
boot system disk0:/asa845-k8.bin

access-list any extended permit ip any any
access-list any extended permit icmp any any
access-list split standard permit 10.0.0.0 255.255.0.0
access-list split standard permit 10.10.0.0 255.255.0.0
access-list split standard permit 10.11.0.0 255.255.0.0
access-list split standard permit 10.12.0.0 255.255.0.0
access-list split standard permit 172.16.0.0 255.255.0.0

ip local pool ssl-ip-pool 10.0.128.1-10.0.135.254 mask 255.255.248.0

icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-702.bin

access-group any in interface inside
access-group any out interface inside
access-group any in interface outside
access-group any out interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.171 1
route inside 10.0.0.0 255.255.0.0 10.0.0.163 1
route inside 10.10.0.0 255.255.0.0 10.0.0.163 1
route inside 10.11.0.0 255.255.0.0 10.0.0.163 1
route inside 10.12.0.0 255.255.0.0 10.0.0.163 1
route inside 172.16.0.0 255.255.0.0 10.0.0.163 1


webvpn
enable outside
anyconnect image disk0:/anyconnect-win-3.1.01065-k9.pkg 1
anyconnect enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
group-policy GroupPolicy_mt-ssl-profile internal
group-policy GroupPolicy_mt-ssl-profile attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
default-domain none

username huang password 2iP8hQebDVjA4sLR encrypted
tunnel-group mt-ssl-profile type remote-access
tunnel-group mt-ssl-profile general-attributes
address-pool ssl-ip-pool
default-group-policy GroupPolicy_mt-ssl-profile
tunnel-group mt-ssl-profile webvpn-attributes
group-alias mt-ssl-profile enable
!

3. With the above configuration

My Remote Access VPN can ping the Internet (www.cisco.com), but cannot ping the inside servers.

4. If I change it like this, the problem is the same; I still cannot ping.

object network obj-vpnpool

subnet 10.0.128.0 255.255.248.0

nat (inside,outside) source static any any destination static obj-vpnpool obj-vpnpool

My Remote Access VPN can ping the Internet (www.cisco.com), but cannot ping the inside servers.

5. If I change it like this

group-policy GroupPolicy_mt-ssl-profile attributes

split-tunnel-policy excludespecified

I can ping the inside servers, but cannot ping the Internet (ping www.cisco.com).

Thank you.

1 Accepted Solution

Accepted Solutions

Jennifer Halim
Cisco Employee

Try to change your VPN Client pool so it doesn't overlap with the internal network.

It seems that you have a route for 10.0.0.0/16 and the vpn client pool is also in that subnet.

If that 10.0.128.0 subnet doesn't exist internally, make sure that your inside router knows how to route 10.0.128.0/255.255.248.0 via the ASA inside interface.
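The overlap the accepted answer points at can be checked mechanically before a pool is committed. The script below is an added example, not part of the thread or any Cisco tool: it takes the pool range and mask and the networks the ASA routes toward the inside router (the same five networks as the "split" ACL in the original post), confirms the range fits inside the prefix its mask implies, and lists every inside network the pool falls into. The second pool (192.168.250.0/24) is a constructed value used only to show a non-overlapping result.

```python
import ipaddress

# Values taken from the thread: the original VPN pool and the networks the ASA
# routes to the inside router (identical to the "split" ACL entries).
VPN_POOL_START = "10.0.128.1"
VPN_POOL_END = "10.0.135.254"
VPN_POOL_MASK = "255.255.248.0"
INSIDE_NETWORKS = [
    "10.0.0.0/16",
    "10.10.0.0/16",
    "10.11.0.0/16",
    "10.12.0.0/16",
    "172.16.0.0/16",
]


def pool_network(start, end, mask):
    """Return the prefix that covers the pool, as the ASA derives it from
    the pool's first address and mask, and verify the whole range fits."""
    first = ipaddress.ip_address(start)
    last = ipaddress.ip_address(end)
    net = ipaddress.ip_network(f"{start}/{mask}", strict=False)
    if first > last or last not in net:
        raise ValueError(f"pool {start}-{end} does not fit inside {net}")
    return net


def overlapping_networks(pool, inside_networks):
    """Inside networks that share addresses with the pool. Each one is a
    route on the inside router that will swallow return traffic for VPN
    clients unless a more specific route for the pool points at the ASA."""
    return [n for n in map(ipaddress.ip_network, inside_networks) if pool.overlaps(n)]


def check_pool(start, end, mask, inside_networks):
    """Summarise the pool prefix and the inside networks it collides with."""
    pool = pool_network(start, end, mask)
    return {
        "pool": str(pool),
        "overlaps": [str(n) for n in overlapping_networks(pool, inside_networks)],
    }


def report(result):
    """Human-readable verdict: a clean pool, or the route the inside router
    needs (the advice from the accepted answer, with the ASA inside address
    from the posted config as the next hop)."""
    if not result["overlaps"]:
        return f"pool {result['pool']} does not overlap any inside network"
    nets = ", ".join(result["overlaps"])
    return (f"pool {result['pool']} lies inside {nets}; the inside router must "
            f"carry a more specific route for {result['pool']} via the ASA inside "
            f"interface (10.0.0.164), or the pool must be moved")


if __name__ == "__main__":
    print(report(check_pool(VPN_POOL_START, VPN_POOL_END, VPN_POOL_MASK, INSIDE_NETWORKS)))
    # Constructed alternative pool that does not collide with any inside route.
    print(report(check_pool("192.168.250.1", "192.168.250.254", "255.255.255.0", INSIDE_NETWORKS)))
```

Run it as-is to see the original pool reported as lying inside 10.0.0.0/16; swap in any candidate pool and the same check tells you whether the inside router will already have a route covering those addresses.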


2 Replies


Yes.

Using 10.0.192.1-10.0.198.254 mask 255.255.248.0 is OK.