Hi,
The way I do it with ACL applied at the outside interface
remove sysopt for IPsec
No sysopt 4 IPSec
This is to allow esp ans isakmp traffic through oitside interface
access-list from-www permit esp any host 203.xx.x.x
access-list from-www permit udp any host 203.xx.x.x eq 4500
access-list from-www permit udp any host 203.xx.x.x eq isakmp
access-list from-www permit tcp any host 203.xx.x.x eq 10000
access-list from-www permit tcp 10.yy.y.0 255.255.255.0 host 10.1.1.50 eq www
access-list from-www permit tcp 10.yy.y.0 255.255.255.0 host 10.1.1.50 eq 8080
access-list from-www permit tcp 10.yy.y.0 255.255.255.0 host 10.1.1.50 eq https
access-group from-www in interface outside
203.xx.x.x. is the outside interface address
10.yy.y.0 is the ippool subnet
Hope this help,
And the other method might be using a split tunneling ACL applied to vpngroup
best regards