Hello guys,
I have a FortiGate 90D one IPSEC tunnel with a customer.
Tunel subio the two stages without problems, is connected.
however in the tunnel configuration, the customer asked me to set up, with the local subnet 172.16.201.120/29 and remote subnet 10.30.0.0/23. and my network and FortiGate this subnet in 10.220.0.0/22.
My doubt is how I do my LAN desktops, etc. access the customer network.
any help will help me a lot
thank you
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
If you need both way access, you need to add your subnet to the local subnets in phase2 just like customer's. But if you need just one way from your subnet to the customer's remote subnet, you need to grab one customer's local IP and put it into IP Pool and set SNAT in a policy to pretend all of your devices are one of customer's local device. You might want to avoid IP conflict by somehow reserving the NAT IP not to be used by the customer.
Or use the combination; assign one IP the customer would never use and put that /32 IP in phase2, and then NAT your access to the remote side with that source IP. It's still one way though.
Hi Toshi,
Thank you for the prompt help (sorry for my english).
yes, I did just that placed the local client subnet in tunnel configuration.
it is connected.
the IPSEC wizard made the policy below: https://drive.google.com/open?id=0Bzsu90fZ5xEeaHYxVHU1ZUU1T0U
I did not understand the part that you say I need "IP Pool and set SNAT"
when I try to access a link there client (10.30.0.48) port 80 or 8010 web
of the message (403 Forbidden: incorrect proxy service was requested)
thank you
With that way 10.0.30.x can access your subnet. No NAT.
For the 403 error, I don't exactly know what it means but I found another thread:
[link]https://forum.fortinet.com/tm.aspx?m=74396[/link]
Toshio,
you have an example of how I do this in the NAT Fortinet 90D?
You can go to KB and search "ippool" or "SNAT" to find some examples like below:
Create static route to customer network through tunnel a create policy from lan to vpn must work
thanks for answering.
creating ipsec tunnel with the customer, he created autimatico the static route to lan VPN with the policy.
however the problem is that my subnet is different from him in the tunnel.
my subnet (LAN) 10.220.0.1/22
the tunnel this way:
my network [10.220.0.0/22] -> local_subnet_customer [172.16.201.120/29] remote_subnet_customer [10.30.0.0/23]
I am unable to do this translation to my network to local_subnet_customer.
confome @toshiesumi told me, I saw several examples in Fortinet site, but without success yet.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.