08-19-2019 11:22 AM
Hi All,
I'm unable to connect to AnyConnect VPN in my environment.
As per my requirement, users on the outside interface would connect to the corporate network (192.168.10.0/24) via AnyConnect VPN, whose traffic goes via the Fortigate (here the Fortigate will just do routing as a normal router).
Please find the attached diagram and, below, the configuration done on the respective devices.
1) On Fortigate: Bidirectional policy created for the ASA link connected to it, i.e. DMZ (10.1.1.2/24 to INSIDE 192.168.10.1/24) and vice versa.
Static route for VPN users pool (11.1.1.0/28) using gateway 10.1.1.1(ASA link).
2) On ASA: DMZ (10.1.1.1/24 to Any) & DMZ to Outside (1.1.1.1/24) for ASA internet reachability.
ASA MGMT interface (10.3.3.3) is directly connected to Core Switch (10.3.3.254) just for MGMT traffic.
Default route of ASA towards ISP for internet reachability.
Can anyone let me know how I can configure AnyConnect VPN in this scenario?
Attached diagram for reference.
Any help will be highly appreciated.
08-20-2019 06:43 AM
I don't see why this would not work. The DMZ interface on the ASA is just like an Inside interface. You would have to create NAT exemption between DMZ and outside on the ASA. Also the routes on both ASA and Fortigate should be correct to allow for traffic to flow bidirectionally.
What is not working for you? Are you able to connect but not reach internal resources?
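The NAT exemption and return route mentioned in the reply above, sketched as an added example that is not part of the original thread or any poster's configuration. It uses the addresses given in the question; the interface names (`DMZ`, `outside`), the object names and the test host addresses are assumptions.

```cisco
! Added example, not from the thread. Interface names "DMZ" and "outside"
! and the object names below are assumptions; addresses come from the question.

! Corporate LAN behind the Fortigate and the AnyConnect client pool
object network CORP-LAN
 subnet 192.168.10.0 255.255.255.0
object network VPN-POOL
 subnet 11.1.1.0 255.255.255.240

! NAT exemption (identity NAT) so traffic between the corporate LAN and
! VPN clients is not translated by any dynamic PAT rule toward the ISP.
! route-lookup makes the ASA use the routing table to pick the egress
! interface instead of the interface named in the NAT rule.
nat (DMZ,outside) source static CORP-LAN CORP-LAN destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! The ASA needs a route to the corporate LAN via the Fortigate's DMZ address.
! (The Fortigate already has the reverse route: 11.1.1.0/28 via 10.1.1.1.)
route DMZ 192.168.10.0 255.255.255.0 10.1.1.2 1

! Verification. 192.168.10.10 and 11.1.1.2 are constructed sample hosts.
show nat detail
show route
packet-tracer input DMZ icmp 192.168.10.10 8 0 11.1.1.2 detailed
```

In the `packet-tracer` output, the NAT phase should match the identity rule above (untranslated addresses) and the final result should be `allow`.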
08-20-2019 07:15 AM
Hi Rahul,
Thanks for your reply.
I'm not able to connect to AnyConnect VPN from outside. It gives me an error "Unable to connect" when trying by dialing the outside interface public IP.
Also attached are the evaluation/demo licenses which I have installed on my ASA. Would they be sufficient to establish an AnyConnect VPN?
08-20-2019 07:26 AM
Then it's most likely not an issue with NAT or routing. Can you ping from the ASA outside interface to the internet (say 8.8.8.8)? Share your ASA config if possible.
08-21-2019 08:32 AM