All subnets are behind a /24 mask, each subnet is behind a different interface.

Here are my object groups.

object network dmz-network-local

subnet 192.168.10.0 255.255.255.0

object network dmz-network-remote

subnet 172.16.0.0 255.255.255.0

object network ad-network-local

subnet 192.168.2.0 255.255.255.0

object network ad-network-remote

subnet 172.17.0.0 255.255.255.0

object network db-network-local

subnet 192.168.30.0 255.255.255.0

object network db-network-remote

subnet 172.18.0.0 255.255.255.0

I'll post the running config in a while.

Did you group it as follows?:

object-group network obj-local

     network-object object dmz-network-local

     network-object object ad-network-local

     network-object object db-network-local

object-group network obj-remote

     network-object object dmz-network-remote

     network-object object ad-network-remote

     network-object object db-network-remote

nat (inside,outside) source static obj-local obj-local  destination static obj-remote obj-remote

Thats correct.

I used vpn-group-local

object-group network vpn-network-local

     network-object object dmz-network-local

     network-object object ad-network-local

     network-object object db-network-local

object-group network vpn-network-remote

     network-object object dmz-network-remote

     network-object object ad-network-remote

     network-object object db-network-remote

Then added that group to the ACL

access-list outside_1_cryptomap permit ip object vpn-network-local object vpn-network-remote

However, I did create a seperate nat statment for each subnet.

e.g.

nat (inside,outside) source static dmz-network-remote dmz-network-remote destination static dmz-network-remote dmz-network-remote

Would I need to add in some sort of routing?

As all I have in the config a the mo is

ip route 0.0.0.0 0.0.0.0

I will upload a running config shortly after I have taking out some infomation.

I have removed much of the important information:

ASA Version 8.3(1) 
!
hostname ASA 8.3
domain-name ASA1
enable password 
passwd 
names
!
interface Ethernet0/0
 no nameif
 security-level 0
 no ip address
!
interface Ethernet0/0.1
 description AD Zone
 vlan 30
 nameif AD_Zone
 security-level 100
 ip address 192.168.30.1 255.255.255.0 standby X.X.X.X
!
interface Ethernet0/0.2
 description DB Interface
 vlan 20
 nameif DB_Zone
 security-level 100
 ip address 192.168.20.1 255.255.255.0 standby X.X.X.X
!
interface Ethernet0/1
 description Management Interface
 nameif Inside
 security-level 100
 ip address 192.168.0.1 255.255.255.0 standby X.X.X.X
!
interface Ethernet0/1.1
 description DMZ Interface
 vlan 10
 nameif DMZ_Zone
 security-level 50
 ip address 192.168.10.1 255.255.255.0 standby X.X.X.X 
!
interface Ethernet0/2
 description Untrust Interface
 nameif Outside
 security-level 0
 ip address X.X.X.X X.X.X.X standby X.X.X.X 
!
interface Ethernet0/3
 description LAN/STATE Failover Interface
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
 domain-name asa.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network Management_Inside_Out_NAT 
 subnet 192.168.0.0 255.255.255.0
object network AD_Inside_Out_NAT 
 subnet 192.168.10.0 255.255.255.0
object network DB_Inside_Out_NAT 
 subnet 192.168.20.0 255.255.255.0
object network DMZ_Inside_Out_NAT 
 subnet 192.168.30.0 255.255.255.0
object network ad-network-local 
 subnet 192.168.10.0 255.255.255.0
object network db-network-local 
 subnet 192.168.20.0 255.255.255.0
object network dmz-network-local 
 subnet 192.168.30.0 255.255.255.0
object network network-remote1 
 subnet 172.16.0.0 255.255.255.0
object network network-remote2
 subnet 172.17.0.0 255.255.255.0
object network network-remote3 
 subnet 172.18.0.0 255.255.255.0
object-group network vpn-group-local
 network-object object ad-network-local
 network-object object db-network-local
 network-object object dmz-network-local
object-group network vpn-group-remote
 network-object object network-remote1
 network-object object network-remote2
 network-object object network-remote3
object-group protocol DM_INLINE_PROTOCOL_1
 protocol-object ip
 protocol-object icmp
access-list Outside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 object-group vpn-group-local object-group vpn-group-remote 
access-list outside_1_cryptomap extended permit ip object-group vpn-group-local object-group vpn-group-remote 
pager lines 24
logging enable
logging asdm informational
mtu AD_Zone 1500
mtu DB_Zone 1500
mtu Inside 1500
mtu DMZ_Zone 1500
mtu Outside 1500
mtu management 1500
failover
failover lan unit primary
failover lan interface failover Ethernet0/3
failover key 
failover link failover Ethernet0/3
failover interface ip failover X.X.X.X X.X.X.X standby X.X.X.X
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (DMZ_Zone,Outside) source static dmz-network-local dmz-network-local destination static network-remote1 network-remote1
nat (DMZ_Zone,Outside) source static dmz-network-local dmz-network-local destination static network-remote2 network-remote2
nat (DMZ_Zone,Outside) source static dmz-network-local dmz-network-local destination static network-remote3 network-remote3
nat (AD_Zone,Outside) source static ad-network-local ad-network-local destination static network-remote1 network-remote1
nat (AD_Zone,Outside) source static ad-network-local ad-network-local destination static network-remote2 network-remote2
nat (AD_Zone,Outside) source static ad-network-local ad-network-local destination static network-remote3 network-remote3
nat (DB_Zone,Outside) source static db-network-local db-network-local destination static network-remote1 network-remote1
nat (DB_Zone,Outside) source static db-network-local db-network-local destination static network-remote2 network-remote2
nat (DB_Zone,Outside) source static db-network-local db-network-local destination static network-remote3 network-remote3
!
object network Management_Inside_Out_NAT
 nat (Inside,Outside) dynamic interface
object network AD_Inside_Out_NAT
 nat (AD_Zone,Outside) dynamic interface
object network DB_Inside_Out_NAT
 nat (DB_Zone,Outside) dynamic interface
object network DMZ_Inside_Out_NAT
 nat (DMZ_Zone,Outside) dynamic interface
access-group AD_Zone_access_in in interface AD_Zone
access-group DB_Zone_access_in in interface DB_Zone
access-group Inside_access_in in interface Inside
access-group DMZ_Zone_access in interface DMZ_Zone
access-group Outside_access_in_1 in interface Outside control-plane
access-group Outside_access_in in interface Outside
route Outside 0.0.0.0 0.0.0.0 X.X.X.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL 
http server enable 9000
http X.X.X.X X.X.X.X management
http X.X.X.X X.X.X.X Outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.X.X 
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 192.168.10.0 255.255.255.0 Inside
telnet timeout 5
ssh X.X.X.X 255.255.255.255 Outside
ssh X.X.X.X 255.255.255.0 Outside
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DfltGrpPolicy attributes
username 
tunnel-group X.X.X.X type ipsec-l2l
tunnel-group X.X.X.X ipsec-attributes
pre-shared-key 
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny  
  inspect sunrpc 
  inspect xdmcp 
  inspect sip  
  inspect netbios 
  inspect tftp 
  inspect ip-options 
!
service-policy global_policy global
prompt hostname context

Javier,

Thank you for the reply.

I was under the impression that you use the twice nat statment here? As I used the that config from one subnet to another which worked.

I will amend the config and report back, I wont be able to report back till later today

Basically, I just created more specific entries for your individual networks, for troubleshooting purposes and to avoid further issues, that's better.

Now, please clean up some other NAT rules that might be considered duplicates and try with the lines above.

Keep me posted

I am glad to hear that

It is very interesting since what you did is what I recommended, but in different words.

Instead of defining a NAT statement per network / interface you used the "any" keyword.

Thank you so much for posting your problem on CSC, we look forward to working with you once again in the future.

Please mark this post as answered since the original issue has been resolved.

Many thanks for the help to solve the small problem I had.

Thanks

Andy

You are very welcome

Take care.