
Bidirectional NAT through VPN with Cloud

Hey folks,


I'm trying to set up a VPN tunnel to a SaaS Cloud Software. The Cloud Software uses the network. My company also uses the network. Now I'm trying to set up the NAT rules so the traffic will flow. But I won't get this done.


I'm trying to hide my company 10/8 net behind and the 10/8 network behind 


In the following you can see the configuration of the VPN tunnel (this one is up and traffic from the cloud is reaching my FortiGate) and of my policies. I have a static route for into the tunnel.


I hope someone can help me.


config firewall policy
    edit 1208
        set name "SAP-CC Test"
        set uuid 2af4b698-5708-51ea-ef41-538757c38250
        set srcintf "v-sap-cc"
        set dstintf "dmz1_extern"
        set srcaddr "all"
        set dstaddr "vip-"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
        set comments "\"Anlagegrund/Ticket-ID\"=\"sixj_sapcc\";"
        set nat enable
        set ippool enable
        set poolname "snat_172.21.1.0_SAP-CC"
    next
end

config vpn ipsec phase1-interface
    edit "v-sap-cc"
        set interface "port3"
        set ike-version 2
        set keylife 28800
        set peertype any
        set proposal aes256-sha256
        set dpd on-idle
        set dhgrp 14
        set nattraversal disable
        set remote-gw 52.157.XXX.XXX
        set psksecret ENC 123
    next
end

config vpn ipsec phase2-interface
    edit "v-sap-cc"
        set phase1name "v-sap-cc"
        set proposal aes256-sha256
        set dhgrp 14
        set replay disable
        set keylifeseconds 27000
    next
end


Best regards