Anne
New Member
August 23, 2013
Question

LAN-to-LAN IPsec tunnel

  • 4 replies
  • 4804 views
Hi there,

I am trying to set up a LAN-to-LAN VPN tunnel between a FortiGate and another firewall (let's call it X).

192.168.1.0/24 -- FortiGate === VPN Tunnel === Firewall X -- 192.168.2.0/24

Firewall X already has a VPN tunnel with Firewall Y that uses the same IP addressing:

192.168.1.0/24 -- Firewall Y === VPN Tunnel === Firewall X -- 192.168.2.0/24

I would be able to set up the tunnel between the FortiGate and Firewall X, but I know that it would not be able to pass the traffic through because of the existing tunnel with Firewall Y.

How can I change the source IP of the LAN behind the FortiGate so that Firewall X sees the traffic as 192.168.10.0/24 and not 192.168.1.0/24? How would the FortiGate firewall translate the IP address back to 192.168.1.0/24 when it receives the response from the remote side?

I hope I have explained what I am trying to achieve. Thanks a ton.

Anne

    4 replies

    Anne (Author)
    New Member
    August 23, 2013
    How can I change the source IP of the LAN behind the FortiGate, on the FortiGate firewall itself, so that Firewall X sees the traffic as 192.168.10.0/24 and not 192.168.1.0/24? How would the FortiGate firewall translate the IP address back to 192.168.1.0/24 when it receives the response from the remote side?
    310 4.3.6
    ede_pfau
    SuperUser
    August 23, 2013
    You've explained your plan as clearly as possible. What you need to do is source-NAT the traffic that enters through the tunnel, coming from the FGT LAN. I can tell you what to configure on the FGT side, and take care of what to do on Firewall X to handle the .10 traffic. Source NAT is done by IP pools. Here's how (all on the FGT). You've got one policy 'internal' to 'tunnel2X' (or whatever you call it). First, you create an IP pool with a /24 subnet: 192.168.10.0/24. Then you check 'NAT' in the policy, check 'Dynamic NAT' and select the IP pool. That's it. The receiving end will only see traffic coming from 192.168.10.x. The FGT will translate the whole subnet 1:1, i.e. 192.168.1.14 will become .10.14. Reply traffic coming from FW X is translated back to the original IP address. Make sure your Quick Mode selectors on FW X reflect the translated subnet, i.e. .10.x now. And the route pointing back to the FGT has to be changed as well. Tell us how it went, please.
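The GUI steps in the reply above, written out as FortiOS CLI as an added example (not the poster's or Fortinet's own configuration): the interface names "internal" and "tunnel2X" come from the reply, the address, pool and phase 2 names are constructed, and the `one-to-one` IP pool type is assumed to exist on the firmware in use.

```fortios
# Added example, not the poster's own config. Assumes interface names
# "internal" and "tunnel2X" from the reply, a FortiOS CLI with the
# one-to-one IP pool type, and constructed object names.

# Address objects for both LANs
config firewall address
    edit "LAN_192.168.1.0"
        set subnet 192.168.1.0 255.255.255.0
    next
    edit "REMOTE_192.168.2.0"
        set subnet 192.168.2.0 255.255.255.0
    next
end

# IP pool: one translated address per internal host. Reply packets to
# 192.168.10.x match the existing session and are un-NATed to 192.168.1.x
config firewall ippool
    edit "vpn-snat-10"
        set type one-to-one
        set startip 192.168.10.1
        set endip 192.168.10.254
    next
end

# Phase 2 selector carries the translated subnet: SNAT is applied before
# encapsulation, so the tunnel only ever sees 192.168.10.0/24
config vpn ipsec phase2-interface
    edit "tunnel2X-p2"
        set phase1name "tunnel2X"
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 192.168.2.0 255.255.255.0
    next
end

# Policy internal -> tunnel2X with source NAT taken from the pool
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "tunnel2X"
        set srcaddr "LAN_192.168.1.0"
        set dstaddr "REMOTE_192.168.2.0"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "vpn-snat-10"
    next
end
```

A static route for 192.168.2.0/24 via tunnel2X is still needed on the FGT, and a quick check after bringing the tunnel up is that Firewall X's session or log view shows 192.168.10.x, never 192.168.1.x, as the peer source.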
    Anne (Author)
    New Member
    August 27, 2013
    Thanks ede_pfau. I will update you once this has been successfully implemented. Another way to do it would be using the "Central NAT table". Would that work?
    ede_pfau
    SuperUser
    August 27, 2013
    Yes. But IMHO the Central NAT table is the Rolls Royce when the VW IP pool will do as well. But you can try both of course.