HyTronix
New Member
November 22, 2024
Question

Site to Site IPSEC between two FortiGates - SNAT Question


I have two FortiGates with a site-to-site VPN connection. This works fine, and is configured like this:

192.168.10.0/24 -> FortiGate 1 -> WAN -> Internet -> WAN -> FortiGate 2 -> 192.168.20.0/24

My question is, can a pool be created on FortiGate 1, say a portion of the 192.168.10.0/24 network, for example, 192.168.10.200-250, that incoming connections from remote network 192.168.20.0/24 get mapped to?

End goal is to make devices on 192.168.20.0/24 appear to the server on 192.168.10.0/24 that they are on the same subnet as the server.

Thanks,

-John

2 replies

HarshChavda
Staff
November 22, 2024

Hello @HyTronix,

Yes, you can create an IP Pool on FortiGate 1 with the range 192.168.10.200-250 and apply it to the VPN policy that allows traffic from 192.168.20.0/24 to 192.168.10.0/24. When enabling NAT in the policy, select the created IP Pool.
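
The setup described in the answer above, written out as FortiOS CLI for FortiGate 1. This is an added example, not part of the original thread; the object names ("s2s-snat-pool", "site1-net", "site2-net", "site2-to-site1-snat") and the interface names ("to-site2" for the IPsec tunnel, "lan" for the 192.168.10.0/24 side) are hypothetical and must be replaced with the ones on your unit.

```fortios
# Added example. Names and interfaces below are assumptions, not from the thread.

# 1. Pool carved out of the local LAN range. With arp-reply enabled,
#    FortiGate 1 answers ARP for these addresses so the server's replies
#    reach the firewall on-link.
config firewall ippool
    edit "s2s-snat-pool"
        set type overload
        set startip 192.168.10.200
        set endip 192.168.10.250
        set arp-reply enable
    next
end

# 2. Address objects for the two subnets named in the question.
config firewall address
    edit "site2-net"
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "site1-net"
        set subnet 192.168.10.0 255.255.255.0
    next
end

# 3. Tunnel-to-LAN policy with NAT enabled and the pool selected.
#    "edit 0" takes the next free policy ID. Narrow "service" to the ports
#    the server actually needs, and keep traffic logging on: the policy log
#    is the only record tying a pool address back to the real 192.168.20.x host.
config firewall policy
    edit 0
        set name "site2-to-site1-snat"
        set srcintf "to-site2"
        set dstintf "lan"
        set srcaddr "site2-net"
        set dstaddr "site1-net"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "s2s-snat-pool"
        set logtraffic all
    next
end
```

Keep 192.168.10.200-250 out of the DHCP scope and off any statically addressed host on the LAN, otherwise the pool collides with real devices. With an overload pool the server's own logs show only pool addresses shared by many remote hosts, so source attribution has to come from FortiGate 1's traffic logs.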

mle2802
Staff
November 22, 2024