Routing from SSL VPN interface with NAT

thalaivarda · ‎03-15-2020

So people want to work from home. There is a MPLS at location B which accepts only source ip 10.10.0.0/24.,. Location B has a vlan interface with 10.10.0.1/24 with 200 odd windows systems. Location A has Fortigate. Location A and Location B is connected thru a point to point terminated on the Core Switch with eigrp. So SSLVPN interface to Internal interface with NAT enabled. pointing to a ip pool overload to a single free ip 10.10.0.200. The ip which needs access over the MPLS is 10.200.200.0/24. Added necessary routes. Will this work?

Toshi_Esumi · ‎03-15-2020

It's just a simile routing question 1) if the source has a route to the destination, and 2) if the destination has a route back to the source.

In case NATed inbetween the source becomes the SNAT's outside IP. You just need to check through all hops if the routing table at that point has both routes.

thalaivarda · ‎03-15-2020

Thanks for the reply. My concern is, is it alright for the switch which contains the 10.10.0.0/24 vlan to learn one ip 10.10.0.200 thru another interface.

Toshi_Esumi · ‎03-15-2020

10.10.0.0/24 and 10.10.0.200/32 (or longer than 24) are different routes (or prefix/prefix-length). Virtually any routers including FGT would handle them properly.

Only thing you can't do is to configure 10.10.0.200/32-25 as another interface IP on the same FGT.

Routing from SSL VPN interface with NAT

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website