- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Encapsulate Fortigate Public IP with remote PF sense
Hi,
i want to hide my local FortiGate IP with remote PF_Sense located in Germany. i already created the tunnel between them and the tunnel is up, moreover i also configured Central NAT for IPsec tunnel policy and allowed NAT. I need my local site users to use public IP of remote firewall, what is the possible solution.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Aadar-Soomro,
If you have Central NAT policy applied to the outbound IPsec traffic your local IP would not be visible on the remote firewall as it would be natted with outgoing interface or IP-POOL based on the configuration.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
But i need to reflect public IP of remote PF sense on local users system as their public IP. it is my organization requirement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That means you have two requirements:
1. hide the local IPs from remote (Germany) side.
2. route local users' internet traffic through the remote (Germany) and use the remote public IP.
For 2, you need to set a default route into the tunnel on the local side by excluding the peer IP (the /32 on Germany end).
Toshi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No dont want to hide my IP's to remote side, the case is simple i want to hide my site 1 local users public ip and to replace it remote PF-sense public IP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then you don't have to NAT the tunnel traffic. Just need to implement No.2.
Toshi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i have already disabled NAT while configuring tunnel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear parth. Actually the requirement is to hide site 1 users public ip and to replace them with remote pf sense public ip located in germany. I have already established vpn tunnel between site1 fortigate and site 2 pfsense. And no NAT is between them. But instead of getting public IP of remote firewall i am getting fortigate public ip at site 1