I have the following configuration:
10.20.x.x/16 [Cisco ASA] <--> [FGT] FGT-INT2 [192.168.5.1/24] -> Downstream subnet 10.20.0.0/16
I need staff on the Cisco side 10.20/16 network to access a server on the FGT side 10.20/16 remote subnet. The VPN is policy-based.
Ideally I would like to front the server on the right side with a unique IP address (maybe a VIP), but I am not sure if a VIP will work on the FGT side with a policy-based VPN.
Ideally 10.20/16 ---> 192.168.5.5 [VIP] -- 10.20.16.1/32
I have configured it; the logs show the traffic coming in and being sent to the VIP, but no traffic is sent to the remote network from the VIP.
I am not sure a VIP will work in this scenario tbh.
Any guidance would be appreciated.
You have overlapping subnets. How could the VIP determine where the 10.20.16.1 host is? Should it send the traffic back to the Cisco side or to the remote network?
So basically, you need to NAT networks at both ends, like the example here: Administration Guide | FortiGate / FortiOS 6.4.5 | Fortinet Documentation Library
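The reasoning in the accepted answer, as an added example that is not part of the original thread and is not FortiGate or ASA configuration: it models 1:1 subnet NAT at both ends so that each site sees the other under a unique range. The translated ranges 10.21.0.0/16 and 10.22.0.0/16, the staff host 10.20.3.7 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing plan: both sites really use 10.20.0.0/16 (from the
# thread); the translated ranges are assumptions chosen for this example.
PLAN = {"staff_real": "10.20.0.0/16", "staff_xlat": "10.21.0.0/16",
        "server_real": "10.20.0.0/16", "server_xlat": "10.22.0.0/16"}

def overlaps(a, b):
    """True when two prefixes share addresses, so a route lookup is ambiguous."""
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

def netmap(addr, from_net, to_net):
    """1:1 subnet NAT: keep the host bits, swap the network prefix."""
    src_net = ipaddress.ip_network(from_net)
    dst_net = ipaddress.ip_network(to_net)
    ip = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if ip not in src_net:
        raise ValueError(f"{ip} is not in {src_net}")
    host_bits = int(ip) & int(src_net.hostmask)
    return str(ipaddress.ip_address(int(dst_net.network_address) | host_bits))

def check_plan(plan):
    """Return the reasons a plan cannot work; an empty list means it is usable."""
    problems = []
    if overlaps(plan["staff_xlat"], plan["server_xlat"]):
        problems.append("translated ranges overlap each other")
    for side in ("staff", "server"):
        for real in (plan["staff_real"], plan["server_real"]):
            if overlaps(plan[side + "_xlat"], real):
                problems.append(f"{side} translated range overlaps {real}")
    return problems

def translate_flow(src, dst, plan):
    """Follow one staff-to-server packet through both NAT steps.

    Returns (source seen in the tunnel, destination seen in the tunnel,
    real destination after the server-side gateway maps it back)."""
    tunnel_src = netmap(src, plan["staff_real"], plan["staff_xlat"])
    real_dst = netmap(dst, plan["server_xlat"], plan["server_real"])
    return tunnel_src, dst, real_dst

if __name__ == "__main__":
    print(overlaps(PLAN["staff_real"], PLAN["server_real"]))  # the original problem
    print(check_plan(PLAN))
    print(translate_flow("10.20.3.7", "10.22.16.1", PLAN))
```

Staff would address the server by its translated address, and the server would see staff under their translated range, so neither gateway has to decide which side owns 10.20.16.1.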