I recently switch from Site to Site EZVPN connection to a fiber connection for my remote site back to the home network and had some issues getting the route learned through EIGRP instead of that EZVPN site to site. Cisco ASA 5520: Issues removing EZVPN from the device
Now that's all working, but now when users on our AnyConnect VPN try to access machines on that remote network they can't. When I connect to the vpn then try to ping the remote network, pings drop. When I traceroute it traces out to the internet like it doesn't recognize the route.
Packet tracer doesn't help because both ways I put the addresses in it says ALLOW. packet-tracer input inside icmp <VPN address> 8 0 <remote network switch address>
and packet-tracer input inside icmp <remote network switch address> 8 0 <VPN address>
. I even tried it using DMZ (since our VPN is in our DMZ) as the source and I still get allow both ways.
The main firewall is learning the route correctly as far as I can see: Firewall# sh eigrp topology | inc <remote network>
P <remote network> 255.255.255.0, 1 successors, FD is 3584
I'm not sure why it's not pinging out right. Any help is appreciated.