SSL-VPN Public IP

Forum|Forum|6 years ago
September 16, 2019
1 reply
15357 views

Hi Guys,

I been looking at making this change for some time now but would like some advice on the best way to get this done.

I have looked through the forums and some CB but the best advice is that from an FG pro.

our public IP in the office is 196.x.x.x.

when our users dial-up to the SSL-VPN they able to access our office servers.

when they dial into the VPN the FG assigns them a local IP of 10.212.x.x. and their public IP does not change to the office IP.

I am looking for a way of giving the users the same IP as our office is this possible?

rwpatterson

New Member

Welcome to the forums.

You need to be a bit more specific. The users IP address will never change. You need to tell us under which context you wish to have their address appearance changed.

adamsf1Author

New Member

So when user 1 connects to the ssl-vpn he still has his public IP wich is for eg. 105.12.x.x

I am needing to set up the SSL-VPN so when user 1 connects, his IP would change to the office IP witch is 196.22.x.x

Some of our servers are sitting in AWS and we find our selfs whitelisting IPs when these users are outside of the office.

we have a RAS Setup on a windows server that works on L2TP but I am hoping to get rid of this server and making use of the FortiGate instead.

I did disable split tunnelling as some forums recommend but after I disable split tunnelling I can only hit the local LAN.

rwpatterson

New Member

You need to create a policy from SSL-VPN to the Internet with NAT enabled. If you do not include an IP pool, the default WAN address will be used, hopefully fulfilling your initial request. You will need also a static route to the SSL subnet with those addresses so that return traffic knows where to go. You may have already done that part.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded