SSL VPN using Private IP

Hi All,

Is it possible to configure AnyConnect SSL client VPN using a private IP so that my internal users sitting in the corporate network can connect to a particular zone or server through a VPN tunnel?

Any help will be appreciated.


Hi,
Yes you can configure the VPN headend device with a private IP address and connect via SSL-VPN. As long as the device can route between the networks that's what matters.

HTH

Hi RJI,

 

Thanks for your reply.

 

My requirement is that my users in the corporate network, sitting behind core and distribution level switches, should connect to devices in other zones (for example DMZ, server farm) via a secure AnyConnect SSL client-based VPN configured on the ASA.

If possible, can anyone please share any document or configuration guide based on my requirement?

Ok, here is an example of SSL-VPN on ASA.

 

I wouldn't say what you are wanting to do is very practical, but it is possible. If the users are behind the ASA anyway, you should be able to just permit access from INSIDE to DMZ, without the need to run an SSL-VPN connection.

 

HTH

Hi RJI,

 

Thanks for your reply and suggestion to achieve my goal via access policies. But due to some compliance and client requirements we need to access our servers in the DMZ or any other zones via SSL client VPN.

If you enable the AnyConnect client connection on both the outside interface and inside interface, then your users should be able to use the AnyConnect client to establish a session. Then you just need to be sure that your policies for the Remote Access VPN allow access to the DMZ etc.

 

HTH

 

Rick


Hi Richard,

 

Thanks for your reply.

 

But could you please elaborate more about it?

Also, if I want to enable the SSL VPN headend on the inside interface for users to connect to the SSL VPN using the inside interface IP, then why would I want to enable SSL VPN on the outside?

You only need to enable webvpn (SSL VPN) on the interfaces where you want your clients to connect.

Tunnel only specified networks (your DMZ subnet(s)) in the group policy.

Either NAT the users' VPN addresses to the ASA interface address or else put routing in place so that the Fortigate knows the pool is reachable via the ASA interface.

Make sure the ASA interface (or VPN pool - according to which approach you took above) can reach the target DMZ host(s) and that the user's native addresses cannot - i.e. rules in your Fortigate
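
The ASA side of the steps in the reply above, as an added example that is not part of the thread or any poster's configuration. It assumes ASA 9.x syntax; the interface name `inside`, the pool 10.99.0.0/24, the DMZ subnet 192.168.50.0/24 and every object name are constructed, and `<anyconnect-package>` is a placeholder.

```cisco
! Added example (not from the thread). Constructed values: pool 10.99.0.0/24,
! DMZ subnet 192.168.50.0/24, interface name "inside", all object names.
! <anyconnect-package> is a placeholder for the image already on flash.

! Address pool handed to AnyConnect clients
ip local pool POOL-INTERNAL-VPN 10.99.0.10-10.99.0.200 mask 255.255.255.0

! Split tunnel: only the DMZ subnet is routed into the tunnel by the client
access-list SPLIT-DMZ standard permit 192.168.50.0 255.255.255.0

! Per-session filter: pool -> DMZ only, anything else from the tunnel is denied
access-list FILTER-DMZ extended permit ip 10.99.0.0 255.255.255.0 192.168.50.0 255.255.255.0

! Enable SSL VPN only on the interface the internal users can reach
webvpn
 enable inside
 anyconnect image disk0:/<anyconnect-package>.pkg 1
 anyconnect enable
 tunnel-group-list enable

! Group policy: AnyConnect SSL only, split tunnel plus filter, dedicated pool
group-policy GP-INTERNAL-DMZ internal
group-policy GP-INTERNAL-DMZ attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-DMZ
 vpn-filter value FILTER-DMZ
 address-pools value POOL-INTERNAL-VPN

! Connection profile the internal users select at login
tunnel-group TG-INTERNAL-DMZ type remote-access
tunnel-group TG-INTERNAL-DMZ general-attributes
 default-group-policy GP-INTERNAL-DMZ
tunnel-group TG-INTERNAL-DMZ webvpn-attributes
 group-alias INTERNAL-DMZ enable
```

The NAT-or-routing choice for the pool and the rules on the downstream firewall depend on the topology and are not shown here.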