Tum
New Contributor

port forward through vpn tunnel

Two office locations are linked together successfully with a VPN tunnel.

The first office has a static public IP on the FortiGate 60B WAN interface.

The second office is a rented office which uses internet from the landlord's network, which we have no control of. The FortiGate 50B is behind the landlord's NAT router, so the second office has a private IP on the FortiGate 50B WAN interface.

The two offices are successfully linked together with an IPsec VPN tunnel.
The FortiGate 60B is configured as "FortiGate dialup VPN server".
The FortiGate 50B is configured as "FortiGate dialup VPN client".
It is a site-to-site VPN tunnel.

There is an e-mail server in the second office, IP: 192.168.5.10, connected to the LAN interface of the FortiGate 50B. I want mobile users, when they travel, to be able to use the webmail of the server in the second office, so I have to forward port 80 on the WAN interface of the FGT60B to the server in the second office through the VPN tunnel. If the server were in the first office it would be very easy, but in this case the server is in the second office, which can only be accessed through the VPN tunnel.

Subnet of FGT60B is 192.168.10.x / 24
Subnet of FGT50B is 192.168.5.x / 24

How do I do port forwarding through the VPN tunnel?
11 REPLIES 11
rwpatterson
Valued Contributor III

Why is the proxy ID source & destination on the 100A a range (instead of a subnet)? Not sure if it matters, just curious.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Tum

I already put subnets 192.168.100.0/24 and 192.168.5.0/24 in the IPsec phase 2, but it still shows in "VPN monitor" as a range, as you mention. The difference is because on the FGT100A the remote gateway is "Dialup type" but on the FGT50B the remote gateway is "static IP". The FGT100A has a static IP, so it is configured as the dialup VPN server. The FGT50B doesn't even have a public IP, so it is configured as the dialup VPN client (I mean it is behind a NAT router, so its WAN interface has a private IP).

Most of your FortiGate firewalls have a public IP on their WAN interface, right? Do you have any of your FortiGates configured like my scenario?