Hello all, I am a Fortigate newb. The only documentation I can find on
NAT over site to site IPSEC VPN pertains to versions before 5.6, and
only to NATting entire subnets, on both ends. I have a working IPSEC
site to site VPN between my Fortigate (v....
After a call with Fortinet support it was determined the problem was
using named addresses in the phase 2 selector. For whatever reason, they
would not work. I probably never would have figured this part out on my
own, since it apparently was a probl...
I got it to work. The problem was my VIP was set to "any" interface
instead of the tunnel interface "COMPANY." My next task was to allow
another computer (on the Fortigate side) through the tunnel, without
NATting it (but still NATting the other comp...
The IP of the computer (ISlaptop1) that I want to NAT over the tunnel is
10.0.100.40. I want the remote site to see it as 192.168.114.7. The VPN
works as expected. However, the computer (10.0.100.40) has no internet
connection. If I disable the VPN p...
Thank you emnoc, this worked! I needed an address pool with the SNAT IP,
a virtual IP, (and group) and I had to specify the SNAT address in the
phase 2 selectors (instead of the internal IP) like you said. In the
outgoing policy for the tunnel, I ena...
