Hi All,
I need some help from anyone who has an idea for my request to NAT an external IP to an internal one and send it via a VPN tunnel to the next site for Internet access.
In my situation, site A has network devices that need to access an external IP, but Internet access is blocked by the local ISP. However, I have a second interface with a site-to-site VPN from site A (IP 192.168.44.1/24) to site B (IP 192.168.10.1).
The network device on site A is configured for Internet access to the external IP 3.x.x.x.
So, how can I NAT the destination external IP 3.x.x.x to 192.168.10.50 (IP at site B) via the VPN tunnel to site B?
And on site B, NAT from 192.168.10.50 back to 3.x.x.x?
Internal Network Device >> 3.x.x.x >> NAT to 192.168.10.50 >> VPN Site A to Site B >> NAT back from 192.168.10.50 to 3.x.x.x >> Internal device site A will send data to 3.x.x.x via site B
I apologize for not being an expert in the English language.
Thanks.
I don't think there's a specific name for it, most VPN forms just put a note/caveat stating all traffic must be NAT'd to unique non-RFC1918 addressing.
Hi @Prik,
Why do we need to NAT? You can create a static route for 3.x.x.x to go through the VPN tunnel and add 3.x.x.x to phase2 selectors and firewall policy on both sides.
Regards,
Hi Hbac,
Thank you for your reply. It is because I have a 3rd-party WAN provider firewall before the next site, and they allow only internal IPs through to there. So I need to NAT the destination to an internal IP, pass it through the VPN tunnel to the next site, and then NAT it back to the external IP.
If you have another idea, please share it with me.
Thank you.