Hey All.
I have a vendor accessing a series of VIPs on my Fortigate, which are pointed to a series of corresponding private IPs that are accessed over an MPLS.
I need to allow this vendor to get access to a new site at which I do not have an MPLS connection. I can build an IPSec tunnel to this location, but I'm a bit confused as to what my source/destinations would be. Attached is a picture.
So, if I VIP into XX.XX.XX.XX:3, I want to VIP the traffic to 192.168.3.1, and head down the VPN tunnel.
Is this possible/achievable in some way?
Yes, I have done this. I created an IP address in addition to the router's internal IP address and used that in the VIP configuration. I could access that IP address from my office over the IPSEC tunnel, and the VIP translated the address (with port) to another address which was reachable using another IPSEC tunnel in that router. Of course, policies have to be done too. That's the short version.
Be careful: when I created a VIP to the router's default address, I lost the connection to the router and had to take it off quickly by managing it over the external address. You can use a different network too if needed.
Hi guys, I need the setup guide for this. Is it possible?
Just treat the IPSec tunnel as another firewall address or interface. Policy from VIP->IPSec. The only difference is the VIP needs to be allowed over the tunnel. A way to get this done is to create an IP pool of a single allowed IP address through the IPSec tunnel and use it in the VIP->IPSec policy as the source address.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
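The VIP-to-tunnel setup described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration from any poster. Assumed and constructed: interface `wan1`, tunnel `site3-vpn`, every object name, the external address 203.0.113.10, the vendor range 198.51.100.0/24, the pool address 10.255.3.1 and the 8443-to-443 port forward. Only 192.168.3.1 comes from the thread.

```fortios
# Restrict the VIP to the vendor's source range (constructed range)
config firewall address
    edit "vendor-src"
        set subnet 198.51.100.0 255.255.255.0
    next
end
# VIP: external address and port mapped to the host behind the tunnel
config firewall vip
    edit "vip-site3"
        set extintf "wan1"
        set extip 203.0.113.10
        set mappedip "192.168.3.1"
        set portforward enable
        set protocol tcp
        set extport 8443
        set mappedport 443
    next
end
# Single-address pool: the one source IP the tunnel will carry
config firewall ippool
    edit "pool-site3"
        set startip 10.255.3.1
        set endip 10.255.3.1
    next
end
# Policy VIP -> IPSec: DNAT via the VIP, SNAT to the pool address
config firewall policy
    edit 0
        set name "vendor-to-site3"
        set srcintf "wan1"
        set dstintf "site3-vpn"
        set srcaddr "vendor-src"
        set dstaddr "vip-site3"
        set service "HTTPS"
        set schedule "always"
        set action accept
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "pool-site3"
    next
end
```

The pool address also has to be permitted by the tunnel's phase 2 selectors and known to the remote site, so that return traffic for 10.255.3.1 comes back through the tunnel.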