Hi, I'm trying to set up a remote access SSL VPN using a FortiGate 5.6.4 and a FortiClient 6.0. My ISP, through their ADSL router, assigns my PC an IP address in the 192.168.1.0/24 network. One of the networks attached to the company firewall is also a 192.168.1.0/24 network, so I have overlapping addresses. I set up an SSL VPN which works fine when trying to access the other networks, but obviously will not connect to the remote 192.168.1.0/24 network. Within the VPN Portal settings there is an IP Pool with 10.1.1.0/24 addresses.

After going through the documentation I decided to create a VIP object, which maps the 10.10.1.1-254 addresses to the 192.168.1.1-254 addresses. At first I had defined the VIP on a single interface but it would not appear in the GUI, so I had to leave it set to ALL. So I inserted the VIP object in the Destination field in the SSLVPN policy and it worked immediately. I can now contact company computers on that network without problems using 10.10.1.0/24 addresses instead of 192.168.1.0/24.

My problem is that computers on that network (192.168.1.0/24) now fail to access the Internet: the log indicates that the outgoing packets are NATted to 10.10.1.0/24 addresses. They should be NATted to the IP of the external interface (WAN), or at least they were before. So I disabled the policy that uses the VIP: I now have partial remote access, and Internet access is back for those in the 192.168.1.0/24 company network.

Is there a way to apply VIP NATting only for VPNs?

Thanks for any help,
Spj