Hey folks,

I'm trying to setup a VPN tunnel to a SAAS Cloud Software. The Cloud Software uses the 10.0.0.0/8 network. My company also uses the 10.0.0.0/8 network. Now I'm trying to setup the NAT rules so the traffic will flow. But i wont get this done.

Im trying to hide my company 10/8 net behind 172.24.0.0/16 and the 10/8 network behind 172.21.0.0/16. 

In the following you can see the configuration of the VPN Tunnel (this one is up and traffic from the cloud is reaching my fortigate) and of my policies. I have a static route for 172.21.0.0 into the tunnel.

I hope someone can help me.

config firewall policy
    edit 1208
        set name "SAP-CC Test"
        set uuid 2af4b698-5708-51ea-ef41-538757c38250
        set srcintf "v-sap-cc"
        set dstintf "dmz1_extern"
        set srcaddr "all"
        set dstaddr "vip-172.24.1.1_genex.sapcc"
        set action accept
        set schedule "always"
        set service "HTTP" "HTTPS"
        set logtraffic all
        set comments "\"Anlagegrund/Ticket-ID\"=\"sixj_sapcc\";"
        set nat enable
        set ippool enable
        set poolname "snat_172.21.1.0_SAP-CC"
    next
end

    edit "v-sap-cc"
        set interface "port3"
        set ike-version 2
        set keylife 28800
        set peertype any
        set proposal aes256-sha256
        set dpd on-idle
        set dhgrp 14
        set nattraversal disable
        set remote-gw 52.157.XXX.XXX
        set psksecret ENC 123
    next
end
    edit "v-sap-cc"
        set phase1name "v-sap-cc"
        set proposal aes256-sha256
        set dhgrp 14
        set replay disable
        set keylifeseconds 27000
    next
end

Best regards

Johannes