I have an ASA 5506 running version 9.8(2) in my office, which is connected to two (2) ISPs. I have implemented PBR to split our LAN subnets JTP and WIFI_JTP to their respective route-maps. Subnet JTP, which comes from the wired VLAN, is route-mapped to ISP 2 MYNET with a static IP, and subnet WIFI_JTP, which comes from the wifi VLAN, is route-mapped to ISP 1 UNIFI going through PPPoE with a dynamic IP. Both subnets JTP and WIFI_JTP are successfully routed to the internet.

Furthermore, I have another remote office (HQ) where all the servers in subnet 10.151.25.0/24 reside. There is a requirement that all VLANs in my office need access to the HQ server subnet. Both HQ and my office subnet are connected using ISP 2 MYNET through the WAN interface. My VLAN JTP (wired) has no issue connecting to the HQ server subnet 10.151.25.0/24 because they are in the same gateway and properly NATted. However, I have an issue where VLAN WIFI_JTP (wifi) cannot get routed to the HQ server subnet because it is in the different route-map UNIFI.

How can I achieve my objective of enabling VLAN WIFI_JTP (wifi) to route to 10.151.25.0/24 on the ASA? I have added the static route "route WAN 10.151.25.0 255.255.255.0 10.151.21.1 1" to push any request to interface WAN, but unfortunately it still failed. Any suggestions on this would be really appreciated. Below is the sanitized config related only to the affected requirement on my ASA.
interface GigabitEthernet1/1
 description /* connect to ISP 2 MYNET */
 nameif WAN
 security-level 0
 ip address 10.151.21.3 255.255.255.248
!
interface GigabitEthernet1/2
 description /* connect to inside LAN */
 nameif LAN
 security-level 100
 ip address 172.31.5.2 255.255.255.240
 policy-route route-map MYNET
!
interface GigabitEthernet1/3
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/3.1
 description /* connect to ISP 1 UNIFI */
 vlan 500
 nameif UNIFI
 security-level 0
 pppoe client vpdn group GROUP_UNIFI
 ip address pppoe setroute
object network JTP
 subnet 172.31.6.0 255.255.255.0
 description /* cable LAN */
object network WIFI_JTP
 subnet 172.31.18.0 255.255.255.0
 description /* wifi LAN */
object network REMOTE-SERVER-NETWORK
 subnet 10.151.25.0 255.255.255.0
 description /* remote server network */
object-group network ALL_MYNET_LAN
 description /* All Vlan directed to MYNET */
 network-object object JTP
object-group network ALL_INSIDE_LAN
 description /* All vlan from inside interface */
 network-object object JTP
 network-object object WIFI_JTP
object-group service TCP_Allow tcp
 port-object eq domain
 port-object eq exec
 port-object eq finger
 port-object eq ftp
 port-object eq ftp-data
 port-object eq h323
 port-object eq hostname
 port-object eq https
 port-object eq www
 port-object eq ssh
 port-object eq telnet
 port-object eq login
 port-object eq whois
 port-object eq 1433
 port-object eq 8080
 port-object eq smtp
access-list ACL_MYNET extended permit ip object-group ALL_MYNET_LAN any
access-list INSIDE_ACCESS_IN extended permit tcp object-group ALL_INSIDE_LAN any object-group TCP_Allow log
mtu LAN 1500
mtu UNIFI 1492
object network JTP
 nat (LAN,WAN) dynamic 10.151.21.5
object network WIFI_JTP
 nat (LAN,UNIFI) dynamic interface
access-group INSIDE_ACCESS_IN in interface LAN
route-map MYNET permit 10
 match ip address ACL_MYNET
 set ip next-hop 10.151.21.1
route WAN 0.0.0.0 0.0.0.0 10.151.21.1 2
route WAN 10.151.25.0 255.255.255.0 10.151.21.1 1
route LAN 172.31.0.0 255.255.224.0 172.31.5.1 1
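
The following is an added example, not part of the original post and not ASA code: a simplified Python model of the config above that follows one LAN packet through the PBR match, the route lookup and the object NAT rules. The host addresses, the function names `egress` and `trace`, and the UNIFI default route (assumed to be installed by `pppoe setroute` with distance 1) are assumptions made for the illustration.

```python
import ipaddress as ip

# Constructed, simplified model of the posted config (not ASA code).
JTP, WIFI_JTP = ip.ip_network("172.31.6.0/24"), ip.ip_network("172.31.18.0/24")
ACL_MYNET = [JTP]  # route-map MYNET matches object-group ALL_MYNET_LAN (JTP only)
ROUTES = [  # (prefix, egress nameif, administrative distance)
    (ip.ip_network("0.0.0.0/0"), "UNIFI", 1),  # assumption: installed by "pppoe setroute"
    (ip.ip_network("0.0.0.0/0"), "WAN", 2),
    (ip.ip_network("10.151.25.0/24"), "WAN", 1),
]
OBJECT_NAT = [  # (real subnet, real nameif, mapped nameif, mapped source)
    (JTP, "LAN", "WAN", "10.151.21.5"),
    (WIFI_JTP, "LAN", "UNIFI", "interface"),
]

def egress(src, dst):
    """Return (nameif, reason): PBR if the ACL matches, else the routing table."""
    if any(ip.ip_address(src) in net for net in ACL_MYNET):
        return "WAN", "pbr"  # set ip next-hop 10.151.21.1 sits on WAN
    matches = [r for r in ROUTES if ip.ip_address(dst) in r[0]]
    # Longest prefix wins; ties go to the lowest administrative distance.
    prefix, nameif, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return nameif, "route"

def trace(src, dst, ingress="LAN"):
    """Follow one LAN packet: pick the egress, then look for a NAT rule on that pair."""
    out_if, reason = egress(src, dst)
    mapped = next((m for net, real_if, mapped_if, m in OBJECT_NAT
                   if ip.ip_address(src) in net
                   and (real_if, mapped_if) == (ingress, out_if)), None)
    return {"egress": out_if, "via": reason, "source_on_wire": mapped or src}

if __name__ == "__main__":
    # Constructed sample hosts: one wired, one wifi, one internet destination.
    for src, dst in [("172.31.6.10", "10.151.25.20"),
                     ("172.31.18.10", "10.151.25.20"),
                     ("172.31.18.10", "198.51.100.7")]:
        print(src, "->", dst, trace(src, dst))
```

In this model the WIFI_JTP packet to 10.151.25.0/24 does leave through WAN via the static route, but with its original 172.31.18.x source, because the only object NAT for WIFI_JTP is the (LAN,UNIFI) rule; whether HQ has a return route for that subnet is the thing to check. On the device, `packet-tracer input LAN tcp 172.31.18.10 1025 10.151.25.20 443` shows the corresponding route-lookup and NAT phases.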