Hi,
Maybe this thread is very basic but after reading a lot of documentation I can't determine how to solve it.
We are trying to set up a VPN to reach our customer.
The client asked us to NAT our internal subnet (10.120.30.0/24) to the IP 172.40.239.121. To have the VPN up and running we created a policy with source 172.40.239.121 and destination the IP addresses of the internal subnet of our customer. The tunnel is now UP; however, we don't really know how to NAT our internal subnet (10.120.30.0/24) to the IP 172.40.239.121.
Can you please guide us?
Thanks in advance
FortiGate 100E v6.0.2 build0163 (GA)
If that IP is not being used anywhere in your environment, you could create an IP pool with that one address and assign it to the policy. I have seen IP pool entries killing the existence of that IP in other places in the firewall in the past. Use with testing and caution.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Yes, an ippool is ideal:

    config firewall policy
        edit 1892
            set srcintf "LAN1"
            set dstintf "PUPVPN"
            set srcaddr "NET01" "NET02" "NET03"
            set dstaddr "CUST788_REMOTE-028"
            set action accept
            set schedule "always"
            set service "ALL"
            set ippool enable
            set poolname "CORP-to-CUSTID788"
            set nat enable
        next
    end

Ken Felix
PCNSE
NSE
StrongSwan
Hi,
Thanks for your reply.
In your example, the srcaddr "NET01" "NET02" "NET03" is related to our internal subnet and the dstaddr "CUST788_REMOTE-028" is the customer subnet? Where is the NAT done between our internal subnet and the NAT IP that we should use?
Thanks
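
The translation is done by the IP pool object that the policy references through `poolname`. The following is an added example, not part of any post in this thread, showing the pool definition next to the policy that uses it. The pool, interface and destination names are reused from the reply above, the address object name is a placeholder, a route-based tunnel on interface "PUPVPN" is assumed, and the `#` lines are annotations.

```text
# Constructed example. "CUST788_REMOTE-028" is assumed to already exist
# as the address object for the customer's subnet.

# 1. One-address pool: startip = endip = the NAT IP requested by the customer.
#    Type overload maps many internal hosts to this single address (PAT).
config firewall ippool
    edit "CORP-to-CUSTID788"
        set type overload
        set startip 172.40.239.121
        set endip 172.40.239.121
    next
end

# 2. Address object for the real internal subnet (hypothetical name).
config firewall address
    edit "LAN-10.120.30.0_24"
        set subnet 10.120.30.0 255.255.255.0
    next
end

# 3. Policy from the LAN to the tunnel interface. "nat enable" together with
#    "ippool enable" makes the policy rewrite the source to the pool address
#    instead of the outgoing interface address. "edit 0" takes the next free ID.
#    Service "ALL" is kept from the reply above; restrict it to the services
#    the customer connection actually needs.
config firewall policy
    edit 0
        set srcintf "LAN1"
        set dstintf "PUPVPN"
        set srcaddr "LAN-10.120.30.0_24"
        set dstaddr "CUST788_REMOTE-028"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "CORP-to-CUSTID788"
    next
end
```

Source NAT is applied by the policy before the traffic is encrypted, so the phase 2 local selector has to match the translated address 172.40.239.121 rather than 10.120.30.0/24.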
Jumping in since I have the same problem: with the customer we agreed on two IP pools (one per side) and I could configure that on my side, but they asked to hide that pool behind a specific IP of that pool... How can I obtain that configuration?