Good afternoon everyone,
I have been tasked with getting a remote site up and running with a 4G solution since there is no fixed line broadband at the site. The idea is to get a vpn back to head office working by having the remote 60e configured as a dial up vpn client back to our main fortigate fw. This has been tested in our office and the tunnel routed the data traffic no problem.
My issue right now is with the addressing. For the data network at the remote site its not a problem as its using a 172. private address. My problems is that our phone system uses a 10. address schema and my l3 switch on site uses a small 10.255 netwrk between itself and the fw. When i look at the wan interface on the 60e the 4G network is giving me a 10. address but with an 8 bit mask over it. That blocks out me using any of the private 10 range on my internal network. For the small network between the l3 switch and fw its not really a problem as i can just change that to a 192 address on each side. My real issue is what i do with the 10. voice network.
Thanks in advance for any replies.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If i understand properly:
You have 4G 10.0.0.0/8 and a voice network on 10.X.X.X/something if it's like this than you change it :\
10/8 is usually a "private mask" of the provider for NATTING.
I had this problem myself. I changed 2 of my private lan cause there was a conflict like this. Or if your 4G providers response time are short u can ask for a de-natting and get a dynamic public IP.
I had a feeling when i came across this issue today that readdressing the LAN was going to be the only option for me to get this up and running. At least its just a few phones and not all the PC's :) Its going to be EE or BT that will be providing the sims so not even sure they offer that as a service.
Yeah, this problem occurs because privders don't want to start using ipv6 for public address so they do this bullshit, and tbh 4G for office are underrated so they manage it in the easiest way possible. Btw yes better than change ip of PC's and server's!
Have this problem too with a sat. provider in CAN - their sat modem devices are strictly nat with either offering 10. or 100. IPs on the client side with no way to change that. I do suggest checking with the ISP and/or peaking at the 4G bridge modem internal settings to see if the private IP or subnet can be altered. But I do agree the 4G bridge modem should be placed into bridge mode if all possible. (One other problem we ran into with this sat. provider is they appear to be using Google's DNS servers, but is "natted" through their own DNS servers first, which is on a 192.168.x.x subnet!)
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.