The mapped pool typically includes fewer addresses than the real group. Because this is a hairpin connection, you need to enable intra-interface communication, which is also required for non-split-tunneled Internet-bound traffic from the VPN client. Consider the following guidelines when creating objects for mapped addresses. PAT pool and round robin address assignment. This could result in many similar rules where only one interface is different.
nest...