Hi all.
I have an annoying setup, where an L2TP client (a server machine) using the native Windows L2TP/IPsec client connects to the customer's office. The problem is that the customer's LAN is 192.168.0.0/24, and the server's IP is 192.168.0.20. Naturally I cannot simply reach the server, .20, since the LAN devices think it is in the same broadcast domain and do not turn to the default gateway (192.168.0.1), flooding ARP requests instead. I cannot change the LAN network settings on the customer's side (e.g. narrow down the subnet). Also, I cannot change the IP address of the L2TP client on the other side. Adding a static route to 192.168.0.20/32 via 192.168.0.1 works, but it is also not an option, since there are quite a few devices on the network, and we do not have control over most of them.
So far I've tried configuring a policy route and enabling ARP proxy. Now I am trying to investigate whether I can NAT the communication between the LAN and .20 over .1.
Does anyone have any other options?
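To make the routing behaviour described in the post concrete, here is an added example (not part of the original post) that models a LAN host's route lookup: a longest-prefix match over its connected /24 route and its default route, and then the same lookup once a host-specific /32 route via the gateway is added. The host address 192.168.0.50/24 is a constructed example LAN device; the gateway 192.168.0.1 and the L2TP peer 192.168.0.20 are the addresses from the post.

```python
import ipaddress
from typing import List, Optional, Tuple

# A route is (prefix, next_hop). next_hop None means the destination is
# treated as on-link, so the host ARPs for it instead of using a gateway.
Route = Tuple[ipaddress.IPv4Network, Optional[ipaddress.IPv4Address]]


def host_routes(ip_with_prefix: str, gateway: str) -> List[Route]:
    """Routes an ordinary LAN host derives from its own address/mask and default gateway."""
    iface = ipaddress.ip_interface(ip_with_prefix)
    return [
        (iface.network, None),                                                # connected: on-link
        (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address(gateway)),  # default route
    ]


def with_host_route(routes: List[Route], host: str, gateway: str) -> List[Route]:
    """Return a copy of the table with a /32 static route for `host` via `gateway`."""
    return routes + [(ipaddress.ip_network(f"{host}/32"), ipaddress.ip_address(gateway))]


def lookup(routes: List[Route], dst: str) -> Tuple[str, ipaddress.IPv4Network]:
    """Longest-prefix match. Returns ('arp', prefix) when the host will ARP for the
    destination directly, or ('via <gateway>', prefix) when it forwards to a gateway."""
    d = ipaddress.ip_address(dst)
    candidates = [r for r in routes if d in r[0]]
    net, nh = max(candidates, key=lambda r: r[0].prefixlen)
    return ("arp" if nh is None else f"via {nh}"), net


def next_hop(routes: List[Route], dst: str) -> str:
    return lookup(routes, dst)[0]


if __name__ == "__main__":
    lan_host = host_routes("192.168.0.50/24", "192.168.0.1")  # constructed example host
    # The L2TP peer lives inside the connected /24, so the host ARPs for it and
    # never sends the packet to the FortiGate at .1.
    print("without host route:", lookup(lan_host, "192.168.0.20"))
    # A /32 is longer than the /24, so it wins the match and the packet goes to .1.
    fixed = with_host_route(lan_host, "192.168.0.20", "192.168.0.1")
    print("with /32 route:    ", lookup(fixed, "192.168.0.20"))
    # Destinations outside the LAN prefix never had the problem.
    print("off-LAN address:   ", lookup(lan_host, "10.0.0.20"))
```

The second lookup is exactly the static-route workaround from the post: it only changes the decision on the host that carries the /32, which is why it has to be repeated on every LAN device.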
There is a KB document about this:
This is for 7.2, but I had that working in 6.x too some time ago.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Thanks for the KB. In my case, my server machine is looking at the internet directly and connects directly to the FortiGate via the Windows native client on the other side. So basically I have only one half of the setup described. But it's worth giving it a try. Maybe I will work something out with tambourines and ping-summoning dances :D
Copyright 2025 Fortinet, Inc. All Rights Reserved.