Slightly strange AnyConnect issue, well two in fact.
We have it set up for split tunnelling. Included in the split tunnel are:
Our head office subnets (10.1.0.0/16), where the ASA is located.
Our Azure VNET (10.2.0.0/16). We have a site-to-site VPN between HO and Azure.
Problem 1: When connected via AnyConnect I get to literally anything in the HO subnet apart from the firewall. It doesn’t ping on any interface or sub interface. I put in a management rule as I needed to temporarily be able to do configuration over the VPN and that doesn’t work. The interfaces are in the same subnets I can get to. For example on the inside interface the IP is 10.1.252.2 which I can’t get to. However I can get to 10.1.252.1 which is the switch connected to it.
On the ASA there is a route for the 10.1.0.0/16 network with a next hop of the switch stack, which does the inter-VLAN routing. However, as the interface addresses will also be in the route table as directly connected, I can’t see this being the issue.
Problem 2: I am unable to route to the Azure network.
I have put an outside-to-outside NAT exemption in for the traffic.
I have put a firewall rule in to allow the connection.
I have enabled same-security permit intra-interface.
Any ideas on either issue would be greatly appreciated.
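For reference, the pieces of ASA configuration the two problems touch on, written out as an added illustration rather than taken from the poster's firewall. The AnyConnect address pool (10.3.0.0/24) and the object names are assumptions; the HO and Azure subnets are the ones given above.

```cisco
! --- Problem 1: reaching the ASA's own interface addresses over AnyConnect ---
! Without this, the ASA will not answer ICMP/SSH/ASDM on an inside-facing
! interface from a VPN client that terminates on "outside".
management-access inside

! --- Problem 2: hairpinning AnyConnect traffic into the site-to-site tunnel ---
! Both client and Azure traffic enter and leave on "outside".
same-security-traffic permit intra-interface

! Assumed object names; the AnyConnect pool 10.3.0.0/24 is a placeholder.
object network ANYCONNECT-POOL
 subnet 10.3.0.0 255.255.255.0
object network AZURE-VNET
 subnet 10.2.0.0 255.255.0.0

! Identity (exemption) NAT so the pool is not translated on the way to Azure.
nat (outside,outside) source static ANYCONNECT-POOL ANYCONNECT-POOL destination static AZURE-VNET AZURE-VNET no-proxy-arp route-lookup

! The crypto-map ACL that defines interesting traffic for the HO<->Azure
! tunnel must also match pool -> Azure, and the Azure side's local network
! definition must include the pool, or the packets are dropped before they
! ever reach the tunnel. "AZURE-CRYPTO-ACL" is an assumed ACL name.
access-list AZURE-CRYPTO-ACL extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list AZURE-CRYPTO-ACL extended permit ip 10.3.0.0 255.255.255.0 10.2.0.0 255.255.0.0
```

`packet-tracer input outside icmp <pool-ip> 8 0 10.2.0.4 detailed` will show which of these stages (NAT, access rule, VPN encapsulation) is dropping the flow.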