Fortinet Forum
thalaivarda
New Contributor

Routing from SSL VPN interface with NAT

So people want to work from home. There is an MPLS at location B which accepts only source IP 10.10.0.0/24. Location B has a VLAN interface with 10.10.0.1/24 with 200-odd Windows systems. Location A has a FortiGate. Location A and Location B are connected through a point to point terminated on the Core Switch with EIGRP. So SSLVPN interface to Internal interface with NAT enabled, pointing to an IP pool overload to a single free IP 10.10.0.200. The IP which needs access over the MPLS is 10.200.200.0/24. Added necessary routes. Will this work?
Toshi_Esumi
Esteemed Contributor II

It's just a simple routing question: 1) if the source has a route to the destination, and 2) if the destination has a route back to the source.

In case it's NATed in between, the source becomes the SNAT's outside IP. You just need to check through all hops if the routing table at that point has both routes.

thalaivarda

Thanks for the reply. My concern is: is it alright for the switch which contains the 10.10.0.0/24 VLAN to learn one IP, 10.10.0.200, through another interface?
Toshi_Esumi
Esteemed Contributor II

10.10.0.0/24 and 10.10.0.200/32 (or longer than 24) are different routes (or prefix/prefix-length). Virtually any router, including FGT, would handle them properly.

The only thing you can't do is to configure 10.10.0.200/32-25 as another interface IP on the same FGT.
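
The per-hop check and the /24 versus /32 point from this thread, as an added example that is not part of the original posts: a longest-prefix-match lookup run over routing tables for the hops behind the NAT. The hop names, exit labels, table contents and the destination host 10.200.200.10 are constructed assumptions; only the prefixes and the SNAT address 10.10.0.200 come from the question.

```python
import ipaddress

def lookup(table, ip):
    """Longest-prefix match: return (prefix, exit) of the most specific route, else None."""
    addr = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(p), via) for p, via in table.items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, via = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), via

def missing_routes(hops, src_ip, dst_ip):
    """List (hop, direction) pairs where a hop lacks a forward or a return route."""
    gaps = []
    for name, table in hops.items():
        if lookup(table, dst_ip) is None:
            gaps.append((name, "forward"))
        if lookup(table, src_ip) is None:
            gaps.append((name, "return"))
    return gaps

SNAT_IP = "10.10.0.200"    # IP pool address from the question
DEST_IP = "10.200.200.10"  # constructed host inside 10.200.200.0/24

# Constructed routing tables; hop names and exit labels are hypothetical.
HOPS = {
    "core_switch_A": {
        "10.10.0.200/32": "to-fortigate",   # host route for the SNAT address
        "10.10.0.0/24": "p2p-to-B",         # VLAN subnet learned from location B
        "10.200.200.0/24": "p2p-to-B",
    },
    "switch_B": {
        "10.10.0.0/24": "vlan-connected",   # local VLAN, 10.10.0.1/24
        "10.10.0.200/32": "p2p-to-A",       # more specific, so it wins for .200 only
        "10.200.200.0/24": "mpls",
    },
}

if __name__ == "__main__":
    for name, table in HOPS.items():
        print(name, "forward:", lookup(table, DEST_IP),
              "return:", lookup(table, SNAT_IP))
    print("other VLAN host on switch_B:", lookup(HOPS["switch_B"], "10.10.0.50"))
    print("gaps:", missing_routes(HOPS, SNAT_IP, DEST_IP))
```

Removing the 10.10.0.200/32 entry from `switch_B` makes the return lookup fall back to the connected /24, which sends replies for the SNAT address onto the local VLAN instead of back toward location A.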