Currently setting up a new VPN tunnel for a new application server. What would be the best practice for mapping a new IP range of 2.2.99.0 to the existing LAN of 192.168.99.0? The tunnel has been created and is connecting; however, the vendor cannot connect to the local devices. The new server requires an IP range of 2.2.99.0 and the current network is on 192.168.99.0. What policies or methods should we be implementing?
Hello mcpcs,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi,
Does the vendor need 192.168.99.0 to be source translated to 2.2.99.0?
What does your current phase 2 configuration look like?
Can you grab the output for the below?
diag vpn tunnel list name <VPN name>
Regards,
Yes, and I have attached the phase 2 info.
Hm, I have a similar case here where I need to map VPN IPs to a local subnet to make some service work over VPN that is limited to a specific subnet here.
I configured an s2s IPsec with split tunneling enabled and mode config enabled. So VPN clients get an IP from me and also get routes from me.
I did not set any p2 selector (it is set to 0.0.0.0/0.0.0.0, hence there is split tunneling plus routing plus policies to limit access).
I then created a policy that allows traffic from the VPN subnet to the service subnet, using SNAT with a NAT IP pool out of the local subnet. So VPN IPs get SNATed to the local subnet when they try to access that service. Works fine here.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
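A FortiOS CLI sketch of the approach described in the reply above (an IP pool taken from the local subnet, used for source NAT on a VPN-to-service policy), added as an example and not taken from any poster's configuration. All object names, the interface names, the VPN client range 10.10.10.0/24, the service host and port, and the /24 mask on 192.168.99.0 are assumptions made for illustration.

```fortios
# Added example. Names and addresses below are constructed placeholders.

# Source: the range handed out to VPN clients by mode config (assumed).
config firewall address
    edit "vpn-clients"
        set subnet 10.10.10.0 255.255.255.0
    next
    # Destination: the single service host that only accepts local sources.
    edit "svc-host"
        set subnet 192.168.99.50 255.255.255.255
    next
end

# Only the one port the service needs (assumed TCP 8443).
config firewall service custom
    edit "svc-port"
        set tcp-portrange 8443
    next
end

# SNAT pool carved out of the local subnet. Keep these addresses out of
# DHCP scopes and static assignments so nothing else on the LAN uses them.
config firewall ippool
    edit "vpn-snat-pool"
        set type overload
        set startip 192.168.99.240
        set endip 192.168.99.243
    next
end

# VPN -> service policy. Because the phase 2 selector is 0.0.0.0/0, this
# policy (not the selector) is what limits what the tunnel can reach, so
# source, destination and service are all scoped instead of "all"/"ALL".
config firewall policy
    edit 0
        set name "vpn-to-svc-snat"
        set srcintf "vpn-tunnel"
        set dstintf "lan"
        set srcaddr "vpn-clients"
        set dstaddr "svc-host"
        set action accept
        set schedule "always"
        set service "svc-port"
        set nat enable
        set ippool enable
        set poolname "vpn-snat-pool"
        set logtraffic all
    next
end
```

With an overload pool the service sees only the pool addresses, so per-client attribution has to come from the FortiGate traffic log, which is why logging is enabled on the policy.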
Copyright 2024 Fortinet, Inc. All Rights Reserved.