Using a VIP with a Cisco Policy based VPN
I have the following configuration:
10.20.x.x/16 [Cisco ASA] <--> [FGT] FGT-INT2 [192.168.5.1/24] -> Downstream subnet 10.20.0.0/16
I need for staff on the Cisco side 10.20/16 network to access a server on the FGT side 10.20/16 remote subnet. The VPN is policy based.
Ideally I would like to front the server on the right side with a unique IP address (maybe a VIP), but I am not sure if a VIP will work on the FGT side with a policy-based VPN.
Ideally 10.20/16 ---> 192.168.5.5 [VIP] -- 10.20.16.1/32
I have configured it; the logs show the traffic coming in and being sent to the VIP, but no traffic is sent to the remote network from the VIP.
I am not sure a VIP will work in this scenario tbh.
Any guidance would be appreciated.
Hi,
You have overlapping subnets. How could the VIP determine where the 10.20.16.1 host is? Should it send the traffic back to the Cisco side or to the remote network?
So basically, you need to NAT the networks at both ends, like the example here: Administration Guide | FortiGate / FortiOS 6.4.5 | Fortinet Documentation Library
Best regards,
Jin
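The ambiguity described in the reply above, and the 1:1 NAT arithmetic that removes it, as an added example that is not part of the original thread or of Fortinet's documentation. The translated ranges 172.20.0.0/16 and 172.21.0.0/16 and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Addresses from the thread: both sides use the same 10.20.0.0/16 space.
CISCO_SIDE = ipaddress.ip_network("10.20.0.0/16")
FGT_DOWNSTREAM = ipaddress.ip_network("10.20.0.0/16")
SERVER = ipaddress.ip_address("10.20.16.1")

# Assumed, constructed translated ranges (not from the thread).
CISCO_NAT = ipaddress.ip_network("172.20.0.0/16")
FGT_NAT = ipaddress.ip_network("172.21.0.0/16")


def candidate_sides(host, sides):
    """Return the name of every side whose subnet contains host."""
    return sorted(name for name, net in sides.items() if host in net)


def map_1to1(addr, real_net, nat_net):
    """Static 1:1 NAT: keep the host bits, swap the network prefix."""
    if addr not in real_net:
        raise ValueError(f"{addr} is not inside {real_net}")
    if real_net.prefixlen != nat_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    offset = int(addr) - int(real_net.network_address)
    return ipaddress.ip_address(int(nat_net.network_address) + offset)


def validate_plan(real_nets, nat_nets):
    """Translated ranges must not overlap each other or any real subnet."""
    problems = []
    nets = list(nat_nets)
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
        for r in real_nets:
            if a.overlaps(r):
                problems.append(f"{a} overlaps real subnet {r}")
    return problems


if __name__ == "__main__":
    sides = {"cisco": CISCO_SIDE, "fgt-downstream": FGT_DOWNSTREAM}
    real = [CISCO_SIDE, FGT_DOWNSTREAM]
    print("10.20.16.1 matches:", candidate_sides(SERVER, sides))
    print("plan problems:", validate_plan(real, [CISCO_NAT, FGT_NAT]))
    print("server seen from Cisco side:", map_1to1(SERVER, FGT_DOWNSTREAM, FGT_NAT))
```

With these assumed ranges, each side addresses the other only by its translated prefix, so the tunnel selectors and routes no longer match the same 10.20.0.0/16 destination on both interfaces.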
