guide setting up anyconnect

dondaniel
Level 1

Hi there

need some help in setting up anyconnect.

I am new to the cisco world and am right now having a nightmare in just getting the licenses needed to run vpn on my router RV345P.

I am now trying to get the licenses below but the CISCO helpdesk is a bit bitchy as they claim they are not on my name but on the seller's name, although I have PAK ID and password...

L-AC-PLS-LIC Cisco AnyConnect Plus Term License

LS-RV-ACS-25-1YR Cisco 1-Year RV Router Anyconnect Server 25 Tunnels

so, while having that fight for the licenses it might be interesting to start the discussion on how to actually install these licenses on laptops, handys and of course on my router.

Is there a kind of documentation that explains that and I assume there would be also some kind of software needed for windows 10, android, iOS devices that need to be installed?

I just don't find anything that would explain all in one go...

looking forward to any help.

regards

daniel

well... I use a default certificate that is linked to the SSL VPN I created. 

I have added a new Certificate for the FQPN as well as direct IP Address (although I have a dynamic IP on my WAN... in some point of time it would change)....

And I still get that message about unsuccessful domain name resolution (And still get the unsecure server...)

well... I use a default certificate that is linked to the SSL VPN I created. 

I have added a new Certificate for the FQPN as well as direct IP Address (although I have a dynamic IP on my WAN... in some point of time it would change)....

And I still get that message about unsuccessful domain name resolution which prevents access to my network (And still get the unsecure server message..)

anyone who could help me?

i have by now added the port xyz of the vpn to the anyconnect client, separated by a : and that works at least when remaining in the same network. i can log in with userid and pw. 

when trying to access from outside using vpn i now get another message of failure 'the service provider in your current location is restricting access to the internet. you need to log on with the service provider before you can establish a vpn session. you can try this by visiting any website with your browser.'

while i am writing this. obviously internet works... so what is the problem now??

Is there a proxy server between your client PC and the Internet?

no, nothing in between. and while that message pops up i can continue to work on internet.

or let's put it that way. as i am using the mobile hotspot of my handy to simulate access from outside i assume there is no proxy

One of the directives of network troubleshooting is to assume nothing. haha

 

Seriously, your hotspot could be causing any number of issues in this scenario.

 

Can you ask anybody else to try accessing without going via hotspot? If you want to direct message me the address or FQDN I can try it.

hi Marvin

 

did get around that by disabling the captive portal detection in anyconnect. 

 

now it works. i can log in and use my internal network. i can use my dynamic dns or the wan ip to do so,

what i still get with both access methods is the warning about the certificate not matching the server if you know how to put that straight. but it does not prevent me from working on my net

and what i also get now is with each login an error message logged saying 

2018-12-19T09:24:41+01:00 <notice>sslvpnd: pam_krb5(anyconnect-vpn:auth): authentication failure; logname=xyz uid=0 euid=0 tty= ruser= rhost=

is that a problem?

It appears your hotspot was essentially behaving like a captive portal. Glad you straightened that out.

 

Regarding the certificate, you are probably using self-signed. The client won't trust that. If it's just for testing or a one-off I would live with it.

 

If you want to learn a bit about certificates then generate a Certificate Signing Request (CSR) on the router or using openssl or a free program like XCA. Be sure to use the DDNS FQDN as the common name. Then get it signed by a trusted CA (usually means paying a 3rd party like GoDaddy). Then install the resultant certificate on the router.

 

I don't know about the error message you are seeing. I work with ASAs mostly.
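
The CSR step from the reply above, as an added example that is not part of the original thread: a shell sketch using the openssl command line that puts the DDNS FQDN in both the common name and a subjectAltName entry, then checks the request before it goes to a CA. `vpn.example.net`, the file names and both function names are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: build a CSR for the VPN gateway's DDNS name and verify it.
# vpn.example.net is a constructed placeholder, not a name from the thread.

make_csr() {  # usage: make_csr <fqdn> <outdir>
    fqdn=$1; out=$2
    mkdir -p "$out" || return 1
    # Clients match the name they connect to against subjectAltName,
    # so the FQDN goes there as well as in the common name.
    cat > "$out/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req
[dn]
CN = $fqdn
[v3_req]
subjectAltName = DNS:$fqdn
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # umask 077 keeps the unencrypted private key readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
        -keyout "$out/vpn.key" -out "$out/vpn.csr" \
        -config "$out/req.cnf" ) 2>/dev/null
}

csr_has_name() {  # usage: csr_has_name <csr> <fqdn>; status 0 if CN and SAN match
    subject=$(openssl req -in "$1" -noout -subject 2>/dev/null) || return 1
    # The subject print format differs between OpenSSL releases; accept both.
    case "$subject" in
        *"CN = $2"|*"CN=$2") ;;
        *) return 1 ;;
    esac
    openssl req -in "$1" -noout -text 2>/dev/null | grep -Fq "DNS:$2"
}

# Typical use:
#   make_csr vpn.example.net ./csr && csr_has_name ./csr/vpn.csr vpn.example.net
```

Only `vpn.csr` is sent to the CA; `vpn.key` stays with the router and is imported together with the signed certificate.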