I am trying to configure BGP based routing between two sites using two ASA 5506Xs. Routing between most of the sites works fine. The one exception is the VPN networks. The subnets are configured using the Client Address Pool setting in the AnyConnect Connection Profile settings.
Traditionally when these sites were connected via VPN Tunneling, including the VPN subnets in the source and target networks for the tunnel was sufficient.
When using BGP routing, this is not sufficient. I have tried sharing the VPN subnets as part of the BGP routing. This enabled only one-way traffic: the remote non-VPN networks could route to the VPN subnets, but the VPN subnets could not route to the remote non-VPN networks. The end result was that users who access the VPN could route to local networks (ones specific to that site/VPN) but not the networks on the other end of the VPN.
I believe part of the problem is that when a VPN connection is made, a /32 route is added to the routing table on the ASA that handles routing for that individual address. But I'm not sure how to resolve this while preserving the otherwise functional VPN config.
Clearly part of what you are describing is Remote Access VPN, which allows a client PC to connect to the ASA and to access resources that are local to the ASA. It also sounds like you have a site-to-site VPN between the ASAs. Is that the case?
It would help us if we knew more about the AnyConnect VPN. In particular, is AnyConnect set up for split tunnel, where traffic from the PC for resources on the Internet goes directly to the ISP and traffic for resources on the ASA goes through the VPN, or is it set up for full tunnel, where all traffic from the PC goes through the VPN?
I am still not clear about your issue. What I think I understand is that you have two sites (perhaps siteA and siteB). SiteA and siteB have a site-to-site VPN which is working and provides connectivity for subnets at each site to reach the other site. One of the sites also has remote access VPN using AnyConnect. Am I correct in understanding that you want to discontinue the site-to-site VPN and instead just route traffic between sites using BGP?
Am I correct in understanding that the BGP routing is working for traffic between connected subnets at both sites (any host in a subnet of siteA can access resources in subnets of siteB, and any host in a subnet of siteB can access resources in subnets of siteA) but is not working for clients using AnyConnect?
If that understanding is correct, then my first guess about the issue is address translation. You probably have a static translation (sometimes referred to as NAT exemption) so that AnyConnect traffic is not translated between sites. If you remove that static translation, does the behavior change?
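To make the three pieces the thread touches concrete (the AnyConnect pool being advertised into BGP, the split-tunnel list, and the identity NAT "exemption" for pool-to-remote-site traffic), here is an added example ASA configuration. It is not the poster's config or a known-good fix for their problem; every name, address, AS number and interface in it is an assumption: the pool is 10.20.0.0/24, the local LAN 192.168.10.0/24, the remote LAN 192.168.20.0/24, AnyConnect terminates on `outside`, and the BGP peer is reached through an interface named `wan`.

```cisco
! --- AnyConnect client address pool (assumed 10.20.0.0/24) ---
ip local pool ANYCONNECT_POOL 10.20.0.1-10.20.0.254 mask 255.255.255.0

! --- Split tunnel: the remote site's LAN must be in the list, or the
!     client never sends that traffic into the tunnel at all ---
access-list SPLIT_TUNNEL standard permit 192.168.10.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.20.0 255.255.255.0
group-policy ANYCONNECT_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

! --- Objects used by the NAT exemption rules ---
object network LOCAL_LAN
 subnet 192.168.10.0 255.255.255.0
object network REMOTE_LAN
 subnet 192.168.20.0 255.255.255.0
object network VPN_POOL
 subnet 10.20.0.0 255.255.255.0

! --- Identity NAT (the "NAT exemption" the reply refers to) ---
! Local LAN <-> VPN clients, entering on inside and leaving on outside.
nat (inside,outside) source static LOCAL_LAN LOCAL_LAN destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup
! VPN clients -> remote LAN. "route-lookup" makes the ASA pick the egress
! interface from the routing table (where the BGP-learned route lives)
! instead of from the interface pair written in the rule.
nat (outside,wan) source static VPN_POOL VPN_POOL destination static REMOTE_LAN REMOTE_LAN no-proxy-arp route-lookup

! --- Advertise the pool into BGP (assumed AS 65001 peering with 65002) ---
! The BGP "network" statement only advertises a prefix that is present in
! the routing table. Connected clients only install host (/32) routes, so a
! Null0 route for the whole pool is added; the /32s still win by longest match.
route Null0 10.20.0.0 255.255.255.0 254
router bgp 65001
 address-family ipv4 unicast
  neighbor 203.0.113.2 remote-as 65002
  neighbor 203.0.113.2 activate
  network 192.168.10.0 mask 255.255.255.0
  network 10.20.0.0 mask 255.255.255.0
```

Two things to verify on the ASA after applying something like this: `show bgp neighbors 203.0.113.2 advertised-routes` should list the pool prefix, and `packet-tracer input outside icmp 10.20.0.5 8 0 192.168.20.10` should show a NAT phase hitting the identity rule and an egress interface that matches the BGP route rather than a drop. The remote ASA also needs a matching identity NAT rule for its LAN toward the pool, otherwise the return traffic is the half that fails.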