Hey folks,
I'm trying to set up a VPN tunnel to a SaaS cloud software. The cloud software uses the 10.0.0.0/8 network. My company also uses the 10.0.0.0/8 network. Now I'm trying to set up the NAT rules so the traffic will flow, but I can't get this to work.
I'm trying to hide my company 10/8 net behind 172.24.0.0/16 and the 10/8 network behind 172.21.0.0/16.
Below you can see the configuration of the VPN tunnel (this one is up and traffic from the cloud is reaching my FortiGate) and of my policies. I have a static route for 172.21.0.0 into the tunnel.
I hope someone can help me.
# Policy 1208: traffic arriving from the tunnel, DNAT via the VIP, SNAT via the IP pool
config firewall policy
    edit 1208
        set name "SAP-CC Test"
        set uuid 2af4b698-5708-51ea-ef41-538757c38250
        set srcintf "v-sap-cc"
        set dstintf "dmz1_extern"
        set srcaddr "all"
        set dstaddr "vip-172.24.1.1_genex.sapcc"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
        set comments "\"Anlagegrund/Ticket-ID\"=\"sixj_sapcc\";"
        set nat enable
        set ippool enable
        set poolname "snat_172.21.1.0_SAP-CC"
    next
end

# Phase 1 of the tunnel (the enclosing "config vpn ipsec phase1-interface" line was missing from the post)
config vpn ipsec phase1-interface
    edit "v-sap-cc"
        set interface "port3"
        set ike-version 2
        set keylife 28800
        set peertype any
        set proposal aes256-sha256
        set dpd on-idle
        set dhgrp 14
        set nattraversal disable
        set remote-gw 52.157.XXX.XXX
        set psksecret ENC 123
    next
end

# Phase 2 of the tunnel (the enclosing "config vpn ipsec phase2-interface" line was missing from the post)
# No src-subnet/dst-subnet is set here, so the FortiOS defaults (0.0.0.0/0 on both sides) apply
config vpn ipsec phase2-interface
    edit "v-sap-cc"
        set phase1name "v-sap-cc"
        set proposal aes256-sha256
        set dhgrp 14
        set replay disable
        set keylifeseconds 27000
    next
end
Best regards
Johannes
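As an added illustration (not from the post, and not Fortinet's documentation), this is how the two objects policy 1208 references, the static route the post mentions and narrowed phase 2 selectors could be defined for the cloud-to-company direction described above. The mapped address 10.1.2.3 is a placeholder for the real company server, and the selector pairing (172.24.0.0/16 as the company side the cloud sees, 10.0.0.0/8 as the cloud's real range) is an assumption about how the two overlapping ranges are kept apart.

```text
# VIP that policy 1208 uses as dstaddr: cloud sends to 172.24.1.1 on the tunnel,
# FortiGate rewrites the destination to the real company host.
config firewall vip
    edit "vip-172.24.1.1_genex.sapcc"
        set extintf "v-sap-cc"       # the masked address is reached via the tunnel
        set extip 172.24.1.1         # address the cloud tenant is given
        set mappedip "10.1.2.3"      # PLACEHOLDER: real 10/8 company server
    next
end

# IP pool that policy 1208 uses for SNAT: the cloud's 10/8 sources are hidden
# behind 172.21.1.0/24 so the company host never sees an overlapping 10.x source.
config firewall ippool
    edit "snat_172.21.1.0_SAP-CC"
        set type overload
        set startip 172.21.1.1
        set endip 172.21.1.254
    next
end

# Static route the post mentions: replies to the 172.21 (masked cloud) range go
# back into the tunnel, where the pool address is translated back.
config router static
    edit 0
        set dst 172.21.0.0 255.255.0.0
        set device "v-sap-cc"
    next
end

# Phase 2 selectors restricted to the translated ranges (assumption) instead of
# the 0.0.0.0/0 defaults, so the tunnel only carries the non-overlapping addresses.
config vpn ipsec phase2-interface
    edit "v-sap-cc"
        set phase1name "v-sap-cc"
        set src-subnet 172.24.0.0 255.255.0.0   # company side as the cloud sees it
        set dst-subnet 10.0.0.0 255.0.0.0       # cloud side, real addresses
    next
end
```

The reverse direction (company hosts reaching cloud hosts) would need its own policy with a VIP on the internal interface and a 172.24 pool, which is not shown here.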
Copyright 2023 Fortinet, Inc. All Rights Reserved.