Routing from SSL VPN interface with NAT
So people want to work from home.
There is an MPLS at location B which accepts only source IP 10.10.0.0/24. Location B has a VLAN interface with 10.10.0.1/24 with 200-odd Windows systems.
Location A has a FortiGate. Location A and Location B are connected through a point-to-point terminated on the core switch with EIGRP.
So SSL VPN interface to internal interface with NAT enabled, pointing to an IP pool overload to a single free IP, 10.10.0.200.
The IP which needs access over the MPLS is 10.200.200.0/24. Added necessary routes.
Will this work?
3 REPLIES
It's just a simple routing question: 1) if the source has a route to the destination, and 2) if the destination has a route back to the source.
In case it's NATed in between, the source becomes the SNAT's outside IP. You just need to check through all hops if the routing table at that point has both routes.
Thanks for the reply. My concern is, is it alright for the switch which contains the 10.10.0.0/24 VLAN to learn one IP, 10.10.0.200, through another interface?
10.10.0.0/24 and 10.10.0.200/32 (or longer than 24) are different routes (or prefix/prefix-length). Virtually any router, including FGT, would handle them properly.
The only thing you can't do is to configure 10.10.0.200/32-25 as another interface IP on the same FGT.
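
The hop-by-hop check and the /24 versus /32 point from the replies, as an added example that is not part of the original thread: a longest-prefix-match lookup traced in both directions. The hop names (`fortigate`, `core-a`, `switch-b`, `mpls`) and the routing tables are constructed assumptions; only the prefixes and the SNAT address come from the posts.

```python
import ipaddress

# Constructed routing tables (assumed hop names; prefixes are the thread's).
# "local" means the hop itself owns or is directly connected to the prefix.
TABLES = {
    "fortigate": {"10.200.200.0/24": "core-a", "10.10.0.200/32": "local"},
    "core-a": {"10.200.200.0/24": "switch-b", "10.10.0.0/24": "switch-b",
               "10.10.0.200/32": "fortigate"},
    "switch-b": {"10.200.200.0/24": "mpls", "10.10.0.0/24": "local",
                 "10.10.0.200/32": "core-a"},
    "mpls": {"10.200.200.0/24": "local", "10.10.0.0/24": "switch-b"},
}

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    hits = [n for n in nets if addr in n]
    if not hits:
        return None
    best = max(hits, key=lambda n: n.prefixlen)
    return str(best), table[str(best)]

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start`; return (path, delivered)."""
    path, node = [start], start
    for _ in range(max_hops):
        hit = lookup(tables[node], dst)
        if hit is None:
            return path, False      # no route at this hop
        if hit[1] == "local":
            return path, True       # this hop terminates the traffic
        node = hit[1]
        path.append(node)
    return path, False              # hop limit hit: routing loop

def without_host_route(tables):
    """Copy of the tables with the /32 removed everywhere except the FortiGate."""
    return {hop: {p: nh for p, nh in t.items()
                  if p != "10.10.0.200/32" or hop == "fortigate"}
            for hop, t in tables.items()}

if __name__ == "__main__":
    print("forward:", trace(TABLES, "fortigate", "10.200.200.10"))
    print("return: ", trace(TABLES, "mpls", "10.10.0.200"))
    print("no /32: ", trace(without_host_route(TABLES), "mpls", "10.10.0.200"))
    print("LAN host:", lookup(TABLES["switch-b"], "10.10.0.50"))
```

With the /32 removed, the return trace stops at `switch-b`, which treats 10.10.0.200 as a host on its connected VLAN, so replies never reach the FortiGate; other 10.10.0.0/24 hosts keep matching the /24 either way.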
