FortigateAdmin10
New Contributor

How to avoid creating multiple NAT rules/policies with NAT configured

Hello everyone,

I have been assigned the task of configuring an IPsec tunnel between a Cisco router and a FortiGate 1000D. The tunnel part has been set up, but there is a problem. Since the local subnets overlap, someone has to NAT their IPs, keeping in mind that the NAT has to be one-to-one and also static, so that users connecting to the destination servers can always connect using the same NAT IP for the corresponding original IP.

How can I implement this? Any help is appreciated.

Edit:

I found this article in the Fortinet Docs, but I wanted to confirm whether the NAT mapping will stay as is (and can be shared with users trying to connect to the relevant servers) or whether NAT IPs will be assigned on a first-come, first-served basis, which defeats my purpose.

Site-to-site VPN with overlapping subnets

1 REPLY
knagaraju
Staff

The solution for your issue is to use a fixed port range. However, please make sure that both external and internal IPs have the same range.
Please refer to the link below for details.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-SNAT-with-IP-pool/ta-p/19...
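
The following is an added example, not part of the original thread or of Fortinet's documentation: a Python helper that checks the equal-range condition from the reply and builds the original-to-NAT address table the question wants to hand to users. It assumes equal-size ranges are mapped by position (first internal IP to first external IP, and so on); the function name and all addresses are constructed for illustration.

```python
import ipaddress


def build_static_nat_table(src_start, src_end, nat_start, nat_end, overlapping_subnet):
    """Return {original_ip: nat_ip} for a one-to-one static mapping.

    Assumption (not confirmed by the thread): with equal-size ranges the
    device maps addresses by position, so the table never changes.
    """
    s0, s1 = ipaddress.IPv4Address(src_start), ipaddress.IPv4Address(src_end)
    n0, n1 = ipaddress.IPv4Address(nat_start), ipaddress.IPv4Address(nat_end)
    if s1 < s0 or n1 < n0:
        raise ValueError("range end is below range start")

    # Condition from the reply: internal and external ranges must match in size.
    size = int(s1) - int(s0) + 1
    if size != int(n1) - int(n0) + 1:
        raise ValueError("internal and external ranges differ in size")

    # The translated range must lie outside the subnet both sites share,
    # otherwise the peer still sees an overlapping address.
    shared = ipaddress.ip_network(overlapping_subnet)
    for block in ipaddress.summarize_address_range(n0, n1):
        if block.overlaps(shared):
            raise ValueError(f"NAT block {block} overlaps {shared}")

    # Positional mapping: the i-th original address gets the i-th NAT address.
    return {str(s0 + i): str(n0 + i) for i in range(size)}


if __name__ == "__main__":
    # Constructed sample: both sites use 192.168.1.0/24 locally.
    table = build_static_nat_table(
        "192.168.1.1", "192.168.1.254",
        "10.1.1.1", "10.1.1.254",
        "192.168.1.0/24",
    )
    for original in ("192.168.1.1", "192.168.1.10", "192.168.1.254"):
        print(f"{original:>15} -> {table[original]}")
```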
