We have a third party that would like to allow us access to a subnet on their system via a site-to-site VPN.
There is no need for them to access anything on our network, but they want us to use a small subnet to avoid clashes on their end of the network (192.168.255.1/24 as an example). We have set this subnet up as a VLAN and have set up and established an IPsec tunnel, and the tunnel works if you're on the aforementioned subnet.
Is there any way to get a FortiGate FG100 to route traffic from another subnet over this tunnel? I can't create a static or policy route to route traffic to the gateway address 192.168.255.1, as it just complains it's an interface address (well, yes).
Essentially we want it to take traffic from our VLAN(s) and act as a NAT gateway, sending traffic over the VPN.
In the past we have done this by having another router take traffic out of the main router and pipe it back in via a WAN port. This is a little janky though, and I was hoping for something a bit more elegant.
Hi,
Yes, you can set this up by using an IP pool: in the LAN-to-tunnel policy, enable NAT and select the IP pool.
So whatever subnet you configure on the IP pool will be the source IP when the traffic reaches the remote end.
Perfect.
That did the trick: set up an overload pool with a single address (the FortiGate's IP on the VPN subnet) and then turned on NAT for the firewall rule using that address.
Seems to have done the trick :)
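For reference, here is what the configuration described in the answer above and confirmed in the reply looks like in FortiOS CLI. This is an added example, not configuration posted by either participant; the interface name "internal", the tunnel name "ThirdParty-VPN", the local LAN 10.10.10.0/24 and the remote subnet 10.50.0.0/24 are assumed placeholders, while 192.168.255.1/24 is the VPN-side subnet from the original post. The pool is a single-address overload pool using the FortiGate's own VLAN IP, so the remote side only ever sees a source inside the agreed subnet and no route back to the real LAN is needed on their end.

```text
# Assumed names: "internal" (LAN interface), "ThirdParty-VPN" (IPsec tunnel interface),
# 10.10.10.0/24 (our LAN), 10.50.0.0/24 (their subnet). 192.168.255.1 is the FortiGate's
# IP on the VPN-side VLAN from the original post.

# 1. Overload (PAT) pool containing only the FortiGate's own VPN-subnet address.
config firewall ippool
    edit "vpn-snat-pool"
        set type overload
        set startip 192.168.255.1
        set endip 192.168.255.1
    next
end

# 2. Address objects for the policy.
config firewall address
    edit "LAN_10.10.10.0"
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "ThirdParty_subnet"
        set subnet 10.50.0.0 255.255.255.0
    next
end

# 3. Route the remote subnet via the tunnel interface, not via the 192.168.255.1
#    gateway address (that is the FortiGate's own interface IP, hence the error).
config router static
    edit 0
        set dst 10.50.0.0 255.255.255.0
        set device "ThirdParty-VPN"
    next
end

# 4. LAN-to-tunnel policy with NAT enabled and the pool selected.
config firewall policy
    edit 0
        set name "LAN-to-ThirdParty"
        set srcintf "internal"
        set dstintf "ThirdParty-VPN"
        set srcaddr "LAN_10.10.10.0"
        set dstaddr "ThirdParty_subnet"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "vpn-snat-pool"
    next
end

# Verification: the sniffer on the tunnel interface shows post-NAT packets, so the
# source should be 192.168.255.1, never a 10.10.10.x address.
diagnose sniffer packet ThirdParty-VPN 'host 10.50.0.10' 4
```

Two things worth checking: the phase 2 selectors can stay as 192.168.255.0/24 to the remote subnet, because FortiOS applies the policy's source NAT before the packet is matched against the selectors and encapsulated; and because the pool is a single overload address, the third party has no way to distinguish individual hosts on the LAN, so any per-host access restrictions on their side will have to be enforced on the FortiGate policy (restrict `srcaddr` and `service`) instead of "ALL".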
Great!!
Copyright 2025 Fortinet, Inc. All Rights Reserved.