So, we are in the process of transitioning away from a Cisco ASA to a Fortigate Firewall. However, as we test the new Fortigate Firewall, we must keep the ASA (and its associated AnyConnect clients) up and running.
Here is how things are currently connected:
Internet (5.5.5.5) --> Cisco ASA 5510 (10.1.2.10) --> Cisco 4506 (10.1.2.254) --> Rest of network
Internet (5.5.5.6) --> Fortigate 200E (10.1.2.12) --> Cisco 4506 (10.1.2.254) --> Rest of network
Generally for testing, I have been switching back and forth between the two firewalls on the Cisco 4506 using an IP route:
ip route 0.0.0.0 0.0.0.0 10.1.2.12 (or 10.1.2.10 if I want to switch back to the ASA).
I would like to leave the routing flowing through the Fortigate for our company's Internet. However, when I do this, the Cisco ASA's VPN ceases to function. The Cisco ASA's VPN address space is 172.16.205.0/24.
Is there a way that I can leave our Internet traffic flowing through the Fortigate firewall, while still allowing the Cisco ASA's AnyConnect clients to be functional? I have tried some route mapping with ACLs on the Cisco 4506, but I'm not sure if that's the correct way of doing things. Either way, the ACLs that I've been using aren't working. I would appreciate any suggestions. Thanks.
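The symptom described above is the classic asymmetric-return problem: AnyConnect traffic enters through the ASA, but replies from internal hosts follow the 4506's default route to the Fortigate, which has no matching session and drops them. As an added example (not part of the original post), the following Cisco IOS configuration for the 4506 uses the addresses given above and assumes the ASA's inside interface (10.1.2.10) already routes internal prefixes via 10.1.2.254. A more-specific static route for the VPN pool is enough; no route-map or policy-based routing is needed, because longest-prefix match selects the /24 over the 0.0.0.0/0 default for return traffic.

```cisco
! Cisco 4506: keep Internet-bound traffic on the Fortigate
ip route 0.0.0.0 0.0.0.0 10.1.2.12

! Cisco 4506: send replies to AnyConnect clients back via the ASA
! (172.16.205.0/24 is the ASA VPN pool from the question)
ip route 172.16.205.0 255.255.255.0 10.1.2.10

! Verify that the more-specific route wins for a pool address
! (example address inside the pool, constructed for the check)
show ip route 172.16.205.50
```

The `show ip route` lookup should report the next hop 10.1.2.10 for the pool address and 10.1.2.12 for any other Internet destination. If clients still fail after this, check that the ASA does not NAT the VPN pool toward the inside network (the 4506 must see the 172.16.205.x source addresses for this route to matter) and that the Fortigate is not receiving any of the return traffic, for example via its session table or traffic log.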