I have trouble granting access to my DNS server to a customer who is connected via IPsec.
172.16.10.11/32 Customer sNAT. All traffic from my customer has this source.
192.168.110.0/24 Loopback Interface as VPN NAT-Network
192.168.55.0/24 VLAN-Interface for internal Services
We have a working VPN connection with these Phase 2 entries:
172.16.10.11 <=> 192.168.110.3
My first try was a VIP with port forwarding like this:
192.168.110.3:53(UDP) => 192.168.55.2:53(UDP)
Of course I added a policy for this:
source interface: IPsec Customer
destination interface: Internal Services
destination: VIP 192.168.110.3
But this doesn't work. Next try was a virtual server. Also not working... Is it "wrong" to use a Transfer-Network on a loopback device?
If you need more information please ask.
Thank you and best regards!
Personally, I'm not a fan of 'any'. I would much rather prefer a VIP destination group with port forwarding to the same port allowed.
My two cents.
Bob - self proclaimed posting junkie! See my Fortigate related scripts at: http://fortigate.camerabob.com
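For readers following the thread, here is how the setup described in the question, combined with Bob's suggestion of a VIP group and a DNS-only service instead of 'any', would look in FortiOS CLI. This is an added illustration, not configuration posted by either participant; the object names "Customer-SNAT", "DNS-VIP", "DNS-VIP-Group" and the policy ID 100 are assumptions, and the interface names, addresses and ports are the ones given in the question.

```fortios
# Added example (not from the thread). Assumed object names: Customer-SNAT, DNS-VIP, DNS-VIP-Group.

# Source address object for the customer's SNAT address (172.16.10.11/32 from the question)
config firewall address
    edit "Customer-SNAT"
        set subnet 172.16.10.11 255.255.255.255
    next
end

# VIP: 192.168.110.3 on the IPsec tunnel interface, UDP/53 forwarded to the internal DNS server 192.168.55.2
config firewall vip
    edit "DNS-VIP"
        set extip 192.168.110.3
        set extintf "IPsec Customer"
        set portforward enable
        set protocol udp
        set extport 53
        set mappedip "192.168.55.2"
        set mappedport 53
    next
end

# VIP group as the policy destination, as Bob prefers, so the policy can be restricted to the DNS service
config firewall vipgrp
    edit "DNS-VIP-Group"
        set interface "IPsec Customer"
        set member "DNS-VIP"
    next
end

# Policy: only the customer's SNAT address, only the DNS service, only to the VIP group (no 'any')
config firewall policy
    edit 100
        set name "Customer-to-DNS"
        set srcintf "IPsec Customer"
        set dstintf "Internal Services"
        set srcaddr "Customer-SNAT"
        set dstaddr "DNS-VIP-Group"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat disable
        set logtraffic all
    next
end
```

With logging enabled on the policy, a failed lookup from the customer can be checked in the forward traffic log to see whether the packet reaches the policy at all or is dropped earlier, which narrows the question of whether the loopback transfer network is the cause.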