Hello everyone, Michael here. I am new to Fortinet. I have a FortiGate 30E and I am trying to set up a unique network that my company already has in use on Cisco and Cradlepoint.
I will be using a Cisco router as a HUB at our corp office. Each remote Fortinet device will establish a Dynamic VPN to the Cisco router. The default NAT policy will be disabled. The LAN of the Fortinet will have a company registered /24 public network, the same network will be used at every site. The public /24 LAN network needs to NAT to a private /24 VIP network. Each site will have a different private VIP network. The Private VIP network will use the Dynamic VPN to get to the company infrastructure.
With the Cisco remote routers we are using ezvpn.
Any help would be greatly appreciated.
Thanks!
Use the VPN Interface NAT Pool template for all vEdge routers, to create Network Address Translation (NAT) pools of IP addresses in virtual private networks (VPNs). To configure NAT pool interfaces in a VPN using vManage templates:
You can open a new VPN Interface NAT Pool template from the Service VPN section of a device template.
The VPN Interface NATPool template form displays. The top of the form contains fields for naming the template, and the bottom contains fields for defining VPN Interface NAT Pool parameters.
, you create a route-based IPsec VPN tunnel, as well as configure both source and destination NAT, to allow transparent communication between two overlapping networks that are located behind different FortiGates.
In this example, one FortiGate will be referred to as HQ and the other as Branch. They both have 192.168.1.0/24 in use as their internal network (LAN), but both LANs need to be able to communicate to each other through the IPsec tunnel.
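The 1:1 address mapping that such source and destination NAT performs can be checked before any device is configured. The sketch below is an added example, not part of the thread or of any Fortinet material; the translated ranges 10.1.1.0/24 and 10.2.2.0/24 and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample plan: every site shares one LAN block, each gets its own translated /24.
SHARED_LAN = ipaddress.ip_network("192.168.1.0/24")   # LAN used at both HQ and Branch
SITE_NAT = {                                          # hypothetical per-site translated ranges
    "HQ": ipaddress.ip_network("10.1.1.0/24"),
    "Branch": ipaddress.ip_network("10.2.2.0/24"),
}

def validate_plan(lan, site_nat):
    """Return a list of problems that would break 1:1 NAT across the tunnel."""
    problems = []
    sites = sorted(site_nat)
    for name in sites:
        net = site_nat[name]
        if net.prefixlen != lan.prefixlen:
            problems.append(f"{name}: {net} is not the same size as {lan}")
        if net.overlaps(lan):
            problems.append(f"{name}: {net} overlaps the shared LAN {lan}")
    for i, a in enumerate(sites):
        for b in sites[i + 1:]:
            if site_nat[a].overlaps(site_nat[b]):
                problems.append(f"{a} and {b}: {site_nat[a]} overlaps {site_nat[b]}")
    return problems

def to_translated(site, real_ip, lan=SHARED_LAN, site_nat=SITE_NAT):
    """Source NAT on egress: keep the host offset, swap the network part."""
    ip = ipaddress.ip_address(real_ip)
    if ip not in lan:
        raise ValueError(f"{ip} is not in {lan}")
    offset = int(ip) - int(lan.network_address)
    return ipaddress.ip_address(int(site_nat[site].network_address) + offset)

def to_real(translated_ip, lan=SHARED_LAN, site_nat=SITE_NAT):
    """Destination NAT on ingress: find the owning site and restore the LAN address."""
    ip = ipaddress.ip_address(translated_ip)
    for site, net in site_nat.items():
        if ip in net:
            offset = int(ip) - int(net.network_address)
            return site, ipaddress.ip_address(int(lan.network_address) + offset)
    raise LookupError(f"{ip} belongs to no site's translated range")

if __name__ == "__main__":
    print(validate_plan(SHARED_LAN, SITE_NAT))       # empty list when the plan is sound
    print(to_translated("Branch", "192.168.1.50"))
    print(to_real("10.1.1.50"))
```

A plan that reuses or overlaps a translated range between two sites makes the return path ambiguous at the hub, which is the condition `validate_plan` reports.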
the same network will be used at every site
Why do that in the 1st place? Since you have to NAT it to begin with? Just stick RFC 1918 in if you're NAT'ting the block to begin with. K.I.S.S. Keep It Straight and Simple. It sounds like your design is flawed or bad from out of the gate, or maybe I'm missing something.
On the DYNAMIC VPN, make sure to use a peer-group per each remote spoke, i.e. FQDN or email would be my choice
peer1 == per1.yourdomain.com --DNS
peer2 == peer2@yourdomain.com --email
peer3 == peer3 --DNS or string
Ken Felix
PCNSE
NSE
StrongSwan
Copyright 2024 Fortinet, Inc. All Rights Reserved.