I'm unable to connect AnyConnect VPN in my environment.
As per my requirement, users on the outside interface would connect to the corporate network (192.168.10.0/24) via AnyConnect VPN, whose traffic goes via the Fortigate (here the Fortigate will just do routing as a normal router).
Please find the attached diagram and, below, the configuration done on the respective devices.
Static route for VPN users pool (18.104.22.168/28) using gateway 10.1.1.1 (ASA link).
2) On ASA -: DMZ (10.1.1.1/24 to Any) & DMZ to Outside (22.214.171.124/24) for ASA internet reachability.
ASA MGMT interface (10.3.3.3) is directly connected to the Core Switch (10.3.3.254) just for MGMT traffic.
Default route of ASA towards ISP for internet reachability.
Can anyone let me know how I can configure AnyConnect VPN in this scenario?
Attached diagram for reference.
Any help will be highly appreciated.
I don't see why this would not work. The DMZ interface on the ASA is just like an Inside interface. You would have to create NAT exemption between DMZ and outside on the ASA. Also the routes on both ASA and Fortigate should be correct to allow for traffic to flow bidirectionally.
What is not working for you? Are you able to connect but not reach internal resources?
Thanks for your reply.
I'm not able to connect to AnyConnect VPN from outside. It gives me an error "Unable to connect" when trying by dialing the outside interface public IP.
Also attached are the evaluation/demo licenses which I have installed on my ASA; would they be sufficient to establish AnyConnect VPN?
Then it's most likely not an issue with NAT or routing. Can you ping from the ASA outside interface to the internet (say 126.96.36.199)? Share your ASA config if possible.