Adanio
New Member
November 30, 2016
Solved

Change Destination ip


Hello 

I'm new to the forum and also to Fortinet products. 

I have a customer who has a request that I couldn't find an answer to online.

Our scenario:

In our network the LAN interfaces are lan and lan2 and the IP is 172.16.x.x; the wan port is our internet.

My customer wants that, when he telnets to 10.0.0.x, the packet gets to the FortiGate and the destination IP changes from 10.0.0.x to a legal IP on the internet, 34.x.x.x, and the source IP also changes with NAT.

I've tried many things; the last one was using a VIP, configuring the incoming interface as lan, and having a policy from lan to wan where the source IP is 172.16.0.0 and the destination is 10.0.0.x.

We have a 100D, ver 5.2.8.

Does anyone know if this is possible and how to accomplish this?

Thanks 

 


    Nils (Answer)
    New Member
    November 30, 2016

    Where is the 10.0.0.x network located?

    Sounds like an odd solution..

     

    Create a VIP with LAN as incoming interface, 17.16.x.x as source network and 10.0.0.x as external, then 34.x.x.x as mapped IP.

    Create a policy with the VIP as destination and also make sure that you check the NAT checkbox in the policy.

    Maybe you'll have to create an IP pool with the source IP to use for the NAT; specify this IP pool in the policy under NAT.

     

     

    Adanio (Author)
    New Member
    November 30, 2016

    Hi Nilsan, 

    Thanks for your answer. 

     

    I'll elaborate a bit.

    The customer has a service on his computer that can only be configured with a destination IP of 10.0.0.x.

    This IP is behind the real IP address 34.x.x.x (AWS).

     

    I will try your solution and update.

    Thanks 

     

    ede_pfau
    SuperUser
    December 1, 2016

    A VIP does destination NAT - the destination address is exchanged when the packet traverses the policy.

    If your goal is to use 10.0.0.x and reach 34.x.y.z on the net instead, then you would use a VIP like the one posted above.

    If your goal is to reach a 10.0.0.x in some remote LAN, then you would probably have to use a VPN tunnel to get into that LAN.

    As it's not really clear to me what your setup is, please post a small diagram with network addresses to clarify.
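
The VIP-plus-policy setup described in the replies above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The object names, the `wan1` interface name, the /16 mask on the LAN subnet, and the addresses 10.0.0.10 and 203.0.113.10 (standing in for the thread's 10.0.0.x and 34.x.x.x) are assumptions to replace with your own values.

```fortios
# Assumed address object for the LAN clients (mask is an assumption).
config firewall address
    edit "lan-clients"
        set subnet 172.16.0.0 255.255.0.0
    next
end

# Destination NAT: traffic arriving on "lan" for the placeholder
# 10.0.0.10 is rewritten to the placeholder public IP 203.0.113.10.
config firewall vip
    edit "vip-10-to-public"
        set extintf "lan"
        set extip 10.0.0.10
        set mappedip 203.0.113.10
    next
end

# Policy from LAN to WAN with the VIP as destination.
# "set nat enable" adds source NAT to the outgoing interface address.
# Source and service are kept narrow: LAN clients and TELNET only.
config firewall policy
    edit 0
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "lan-clients"
        set dstaddr "vip-10-to-public"
        set action accept
        set schedule "always"
        set service "TELNET"
        set nat enable
    next
end
```

To confirm both translations, run `diagnose sniffer packet any "port 23" 4` while a client connects: the packet should enter on lan addressed to the external IP and leave on the WAN interface with the mapped destination and a translated source.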