12-11-2019 02:19 PM
Hello,
Please see the attached simple network diagram of what I've got going on. I have a remote site with LAN subnet 10.30.1.0/24, connecting via a site-to-site VPN between a Cisco 881 router and our ASA 5515 VPN concentrator at our corporate office. This ASA is only used for our AnyConnect clients and this new solution.
Our goal is going to be to take the traffic from the remote site (10.30.1.0/24) and route all of their internet traffic out our corporate HQ ASA 5516 in the attached diagram. This ASA 5516 has our Firepower and Umbrella solution tied to it.
Currently both ASAs (VPN concentrator and primary firewall) land on a DMZ switch with live internet connections. I was trying to do some policy-based routing on the VPN concentrator but am finding that this particular ASA can't do policy-based routing (software version 9.2(2)4)? I try to run the command on the interface and it's just not there.
Basically I wanted to take any traffic from the remote office subnet (10.30.1.0/24), with any destination, and pipe it down to our Nexus router to then disperse either to internal resources or out our primary firewall for internet access. However, I'm having trouble getting source-based routing to work on our ASA 5515 VPN concentrator.
I was using this article, but I can't do step 6, the "policy-route" command on the interface. It just says unrecognized command.
Does anyone know of another solution? I do know that if I make a static route on our VPN concentrator ASA like "route inside 8.8.8.8 255.255.255.255 172.17.150.246 1" it then sends any pings from my remote office host to my Nexus router and out the internet successfully. I'm afraid to do a "route inside 0.0.0.0 0.0.0.0 172.17.150.246 1" because we have a "route outside 0.0.0.0 0.0.0.0 1.2.3.4 1" already for that ASA to get to the internet.
Sorry in advance for the long-windedness of this question.
12-11-2019 02:53 PM
Is "route inside 0.0.0.0 0.0.0.0 172.17.150.246 tunneled" my huckleberry? Will the tunneled piece take any VPN traffic and route it down the inside interface?
12-12-2019 12:46 AM
Hello,
Just to make sure, are you running 9.4.1 or later (which is when PBR was introduced for the ASA)?
12-12-2019 06:09 AM
Ah, that explains why my PBR wasn't working, I'm on 9.2(2)4. I checked release notes and configuration guides of later releases and they didn't have what I was looking for. But that makes sense. Thanks as always, Georg. The tunneled line actually did it for us in this case, but had I had the later IOS I bet my original PBR would have worked.
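The tunneled default route the thread settles on, written out as an added configuration example (this is not config posted in the thread; the addresses are the ones the poster quotes, and the ACL name, object name and "must also be true" items are assumptions about a typical hub-side ASA, not something the thread confirms):

```cisco
! Added example, not from the thread. ASA 5515 VPN concentrator, hub side.
!
! Ordinary default route: how the ASA itself, AnyConnect return traffic and any
! non-tunnel traffic reach the Internet. This stays exactly as it is.
route outside 0.0.0.0 0.0.0.0 1.2.3.4 1
!
! Tunneled default route: consulted ONLY for traffic that was decrypted from a
! VPN tunnel terminating on this ASA and that matches no learned or static
! route. It does not replace the outside default, so a "route inside 0.0.0.0
! 0.0.0.0 ..." without "tunneled" is never needed. Unmatched remote-site traffic
! (10.30.1.0/24 to the Internet) is sent to the Nexus at 172.17.150.246 and from
! there out the ASA 5516 / Firepower / Umbrella path. Only one tunneled default
! route is allowed; it cannot be load-balanced with a second next hop.
route inside 0.0.0.0 0.0.0.0 172.17.150.246 tunneled
!
! Things that must also be true for this to work (assumptions, not from the
! thread):
! 1. The crypto ACL on the hub must cover the remote LAN to ANY destination, and
!    the 881 must mirror it (remote LAN -> any); otherwise Internet-bound traffic
!    never enters the tunnel and the tunneled route is never consulted.
!    (ACL name assumed.)
access-list VPN-TO-REMOTE-SITE extended permit ip any 10.30.1.0 255.255.255.0
! 2. No NAT rule on this ASA may translate 10.30.1.0/24 as it passes
!    outside -> inside; check "show nat" and add an identity (no-NAT) rule only
!    if an existing rule catches it.
! 3. The Nexus and the ASA 5516 need a return route for 10.30.1.0/24 that points
!    at this ASA's inside interface address, or replies from the Internet are
!    dropped before they reach the tunnel.
!
! Verification: the tunneled default appears as a separate default candidate.
show route
show crypto ipsec sa
```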