Hi all,

Hopefully someone can help me out. I have a 5515x running and clients using AnyConnect to VPN in. Connected to this ASA is the link to Express Route and we're advertising (BGP) subnets from the ASA to Express Route, they all work however people on the AnyConnect VPN cannot access machines in Azure.

The VPN pool subnet is 172.30.8.0/24

Checking the Express Route Routing Table shows there is no route for the VPN subnet and it doesn't appear that the ASA is advertising it either when I run "show bgp" from the ASA the subnet (172.30.8.0/24) isn't present in the list and nor is it present in ER's route table either.

Below is the BGP config from the ASA which i've attempted to sanitise

router bgp xxxxx
bgp log-neighbor-changes
bgp bestpath compare-routerid

address-family ipv4 unicast
neighbor 172.xx.xx.x remote-as xxxxx
neighbor 172.xx.xx.x activate

network 172.xx.x.0 mask 255.255.255.0
network 172.xx.x.0 mask 255.255.255.128
network 172.xx.x.0 mask 255.255.255.0
network 172.xx.x.0 mask 255.255.255.0
network 172.30.8.0 mask 255.255.255.0
network 172.xx.xx.0 mask 255.255.252.0
network 172.xx.xx.0 mask 255.255.255.248
network 192.168.xx.0
network 172.xx.xx.0 mask 255.255.254.0
network 172.xx.xxx.0 mask 255.255.254.0
network 192.168.xxx.0
network 172.xx.xx.x mask 255.255.255.248
network 172.xx.xx.xxx mask 255.255.255.239

no auto-summary
no synchronization
exit-address-family
!