
Unable to connect AnyConnect VPN

Hi All,


I'm unable to connect AnyConnect VPN in my environment.


As per my requirement, users on the outside interface would connect to the corporate network ( via AnyConnect VPN, whose traffic goes via FortiGate (here FortiGate will just do routing as a normal router).


Please find the attached diagram and, below, the configuration done on the respective devices.


1) On Fortigate -: Bidirectional policy created for ASA link connected to it i.e DMZ ( to INSIDE and vice-versa


Static route for VPN users pool ( using gateway link).


2) On ASA -: DMZ ( to Any) & DMZ to Outside ( for ASA internet reachability.


ASA MGMT interface ( is directly to Core Switch ( just for MGMT traffic.

Default route of ASA towards ISP for internet reachability.


Can anyone let me know how I can configure AnyConnect VPN in this scenario?


Attached diagram for reference.


Any help will be highly appreciated.


Rahul Govindan

I don't see why this would not work. The DMZ interface on the ASA is just like an Inside interface. You would have to create NAT exemption between DMZ and outside on the ASA. Also the routes on both ASA and Fortigate should be correct to allow for traffic to flow bidirectionally. 


What is not working for you? Are you able to connect but not reach internal resources? 

Hi Rahul,


Thanks for your reply.


I'm not able to connect to AnyConnect VPN from outside. It gives me an error "Unable to connect" when trying by dialing the outside interface public IP.


Also attached are the evaluation/demo licenses which I have installed on my ASA. Would they be sufficient to establish AnyConnect VPN?



Then it's most likely not an issue with NAT or routing. Can you ping from the ASA outside interface to the internet (say Share your ASA config if possible. 

Hi Rahul, thanks for your reply. The issue was due to an insufficient number of licenses, which has been resolved now.