I have to create an ipsec ssl tunnel with a customer.
Everything seems fine, both phase 1 and phase 2 are up.
But, they asked me to SNAT an internal IP.
Tried to recreate the VPN in policy mode with the same settings - not working.
In phase 2 local subnet is 172.16.5.0/24 and remote is 10.1.43.0/24
They are expecting traffic from 172.16.5.170 to 10.1.43.5 using source NAT 10.252.13.1.
Quote:
"As per the IDD traffic should be coming to our firewall from 10.252.13.0/27 subnet. Hence pls configure the source NAT at your end.
Source Address: 172.16.5.170
Destination Address: 10.1.43.5
Source NAT: 10.252.13.1"
How should I do this?
Thank you!
Apply the SNAT in the policy and add or create this SNAT ip.addr in the phase2 config if you are not using 0.0.0.0/0 aka quad 0s.
Ken Felix
PCNSE
NSE
StrongSwan
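A FortiOS CLI version of what this answer describes, added here as an illustration; it is not taken from the thread or from Fortinet documentation. The IP addresses come from the question. The tunnel name cust-p1, the internal interface port1, the address, pool and policy object names, and the use of an interface-mode tunnel are assumptions.

```fortios
# Added example, not from the thread. Assumed names: tunnel "cust-p1",
# internal interface "port1", and the objects defined below.
# Addresses are the ones given in the question.

# 1. Address objects for the host being NATed and the customer host
config firewall address
    edit "h-172.16.5.170"
        set subnet 172.16.5.170 255.255.255.255
    next
    edit "h-10.1.43.5"
        set subnet 10.1.43.5 255.255.255.255
    next
end

# 2. IP pool holding the SNAT address the customer expects to see
config firewall ippool
    edit "pool-10.252.13.1"
        set type overload
        set startip 10.252.13.1
        set endip 10.252.13.1
    next
end

# 3. Phase 2 selectors: the local selector must cover the NATed address
#    (the customer's 10.252.13.0/27), not the real 172.16.5.0/24, because
#    SNAT is applied at the tunnel interface before encapsulation.
#    Assumes phase 1 "cust-p1" already exists (interface mode).
config vpn ipsec phase2-interface
    edit "cust-p2"
        set phase1name "cust-p1"
        set src-addr-type subnet
        set src-subnet 10.252.13.0 255.255.255.224
        set dst-addr-type subnet
        set dst-subnet 10.1.43.0 255.255.255.0
    next
end

# 4. Route the customer subnet into the tunnel interface
config router static
    edit 0
        set dst 10.1.43.0 255.255.255.0
        set device "cust-p1"
    next
end

# 5. Policy from the internal host to the customer host, SNAT from the pool
config firewall policy
    edit 0
        set name "to-cust-snat"
        set srcintf "port1"
        set dstintf "cust-p1"
        set srcaddr "h-172.16.5.170"
        set dstaddr "h-10.1.43.5"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool-10.252.13.1"
    next
end

# 6. Checks: confirm the negotiated selectors, then watch the NATed packets
#    leaving the tunnel interface with source 10.252.13.1
diagnose vpn tunnel list name cust-p1
diagnose sniffer packet cust-p1 'host 10.1.43.5' 4
```

The customer side has to mirror these selectors (their local 10.1.43.0/24, remote 10.252.13.0/27), otherwise phase 2 will not come up for the NATed traffic. Replies from 10.1.43.5 to 10.252.13.1 are translated back by the session table, so no reverse NAT is needed for sessions the internal host initiates. If a second phase 2 with 172.16.5.0/24 still exists towards the same peer, remove it unless the peer also expects it.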
Thanks.
Created in phase 2 and followed the article from the Cookbook with overlapping subnets.
Now it's working!
Copyright 2025 Fortinet, Inc. All Rights Reserved.