Hello,
I need to setup a VPN with a partner. We agreed for two subnets that are not in conflict with both mine and their internal networks:
my side: 172.24.1.8/29
their side: 172.24.1.0/29
They identify both networks as IP-Pools and in the doc they sent me, I read that on my side "internal network should be hidden behind 172.24.1.9/32"
At the end, my hosts should be able to reach 172.24.1.1 and 172.24.1.2 on the remote side.
I configured the tunnel with these two networks in the phase2, but I suppose it's not enough... should I configure a pool?
And (second step): I have several internal networks that I want to be able to communicate with the remote site, the 172.24.1.8/29 actually is only defined as address for routing but my clients are on other networks. Which part of the configuration should be changed to allow this?
Thanks
(200D)
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I saw almost the same post this month or last month and commented. NATing on an IPsec VPN is nothing different from NATing on a regular interface because you must have setup an interface-mode/route based IPSec. Either setting the SNAT IP(172.24.1.9/32) on the VPN interface to use for the NAT or if it's already occupied with a different peer tunnel IP setting an IP pool with the SNAT IP would do the NAT.
Of course you need to have a proper route for the destination and adjust the policy if it's limiting src/dst addresses.
For the second part, your description of the requirement is not clear but what you need to to would be similar to the first part.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1082 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.