So I am looking to add one of my spare 5510 firewalls to my network as a secondary vpn connection.
All I want this new ASA to do is handle VPN anyconnect connections to my site. I am pretty new to ASAs so any help would be great. I know how to create a new VPN access on my ASA and I have added a NAT for my inside/outside traffic for my new VPN IP Pool.
My question is, since this is only for VPN and I want all my current internal traffic to continue routing to the existing 5510 ASA, do I need to enter any ACLs to my new VPN only ASA? Are ACLs used for VPN traffic and do I need them for traffic to route over VPN?
I am setting up the inside interface connecting to one of my main Cisco switches and the Outside interface is connecting to my DMZ switch on the new VPN only ASA.
When you do it the way you're describing, you do need a static NAT (DMZ,Outside) rule and access-list (outside to DMZ) on the production ASA. There should not be any NAT rules for the VPN pool required or used on the production ASA. You will need the routing on your core L3 switch to the inside of the VPN-only ASA for the VPN pool subnet (or host addresses).
If you're only doing SSL VPN that's easiest because then only tcp/443 is needed in your access-list (assume you won't easily be able to use DTLS over UDP in this setup).
If you want to use IPsec (IKEv2) with Anyconnect then some of the other ports and protocols (and probably NAT-T) need to be configured and allowed.
I'm not sure if I follow how you are connecting the outside interface of the VPN only ASA. Normally in this sort of setup we would see the VPN ASA "in parallel" with the edge firewall.
You mention the DMZ switch which threw me a bit. If you are coming in via your primary firewall and going to the VPN only ASA via the DMZ then yes you will need to allow several ports open (protocol 50, udp/500, tcp/443 among others) and may have to do some other techniques (NAT-T etc.) depending on what type of remote access you are setting up. That's why we seldom see that setup used - it adds a fair amount of complexity without significant benefit.
When that former setup is used, you need the internal switch to know to route traffic to the VPN pool via the VPN only ASA inside interface. A static route is most often used although you could use OSPF or EIGRP if you wanted.
We don't typically need any access-list as the VPN traffic bypasses the outside interface inbound access lists. Return traffic to remote clients is coming from inside and going via outside (and is generally part of an established connection) so no access-list is necessary on the inside.
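As an added example (not from either reply above), here are the pieces both replies describe: the static NAT and tcp/443 access-list on the production ASA, the static route on the core L3 switch toward the VPN-only ASA's inside interface, and the pool plus identity NAT on the VPN-only ASA. All interface names and addresses (DMZ/outside/inside nameifs, the 10.10.10.0/24 DMZ, public IP 203.0.113.10, inside 192.168.1.0/24, pool 192.168.200.0/24) are assumptions, and the NAT syntax is the ASA 8.3+ object form.

```cisco
! ===== Production (edge) ASA, 8.3+ syntax. All addresses are placeholders. =====
! The VPN-only ASA's outside interface sits in the DMZ at 10.10.10.5 (assumed)
! and is published on the public address 203.0.113.10 (assumed).
object network VPN-ASA-OUTSIDE
 host 10.10.10.5
 nat (DMZ,outside) static 203.0.113.10
!
! SSL VPN only: the inbound ACL needs nothing but tcp/443 to the VPN ASA.
! In 8.3+ the ACL matches the real (untranslated) address, hence the object.
access-list OUTSIDE-IN extended permit tcp any object VPN-ASA-OUTSIDE eq 443
! Uncomment only if AnyConnect IPsec/IKEv2 is used (IKE, NAT-T, ESP):
! access-list OUTSIDE-IN extended permit udp any object VPN-ASA-OUTSIDE eq isakmp
! access-list OUTSIDE-IN extended permit udp any object VPN-ASA-OUTSIDE eq 4500
! access-list OUTSIDE-IN extended permit esp any object VPN-ASA-OUTSIDE
access-group OUTSIDE-IN in interface outside
! No NAT rule for the VPN pool here: pool traffic never transits this ASA.

! ===== Core L3 switch (IOS). Pool and VPN ASA inside address are assumed. =====
! Send traffic for the AnyConnect pool to the VPN-only ASA's inside interface.
ip route 192.168.200.0 255.255.255.0 192.168.1.5

! ===== VPN-only ASA (inside 192.168.1.5, outside 10.10.10.5, assumed) =====
ip local pool ANYCONNECT-POOL 192.168.200.10-192.168.200.250 mask 255.255.255.0
! Default route toward the DMZ gateway on the production ASA (assumed 10.10.10.1).
route outside 0.0.0.0 0.0.0.0 10.10.10.1
! Identity (twice) NAT so inside <-> pool traffic is routed, not translated.
object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network VPN-POOL
 subnet 192.168.200.0 255.255.255.0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup
! Default behaviour; shown explicitly because it is why no outside ACL is needed
! on this box: decrypted VPN traffic bypasses the outside interface ACL.
sysopt connection permit-vpn
```

Verify the path with `show nat` and `show route` on each ASA and `show ip route 192.168.200.0` on the core switch before testing a client connection.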