zlimmen
New Member
May 16, 2018
Question

SSL-vpn -> LAN -> ipsec

  • May 16, 2018
  • 1 reply
  • 7009 views

Hi,

So I have a customer who wants me to set up SSL VPN so he can access the company LAN, and he also wants access to RDP over an IPsec connection.

The SSL VPN part is no problem, but for the part where he wants to use RDP over the IPsec connection, the connection to the IPsec has to be from the company LAN.

Is VIP the way to go? If yes, please give me an example.

Thanks in advance :)

    1 reply

    Toshi_Esumi
    SuperUser
    May 16, 2018

    On the SSL VPN side, if it's split-tunnel, you need to add the RDP destination address or subnet to come through the SSL VPN tunnel.

    On IPSec side, you need to add SSL VPN's subnet to IPSec tunnel to pass-through on both local and remote sides, just like adding a new LAN subnet for the IPSec.

    zlimmen
    Author
    New Member
    June 1, 2018

    Wow, I forgot about this post, sorry.

    The problem is that I do not have access to the IPsec on the other side, so the question is how to NAT SSL VPN through the LAN to IPsec, so that the other side thinks it is coming from the company LAN.

    Hopefully you understand my problem.

    Toshi_Esumi
    SuperUser
    June 1, 2018

    Then, reserve/exclude an IP from LAN DHCP (in case DHCP) and create an ippool like below and use it in a separate policy from ssl.root to IPSec interface.

    http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-transparent-54/3-Networking/2-NAT/2-SNAT.htm