Hot!SSL-vpn -> LAN -> ipsec

Author
zlimmen
Bronze Member
  • Total Posts : 43
  • Scores: 0
  • Reward points: 0
  • Joined: 2013/02/25 04:27:08
  • Status: offline
2018/05/15 23:31:16 (permalink)
0

SSL-vpn -> LAN -> ipsec

Hi,
so I have a customer that wants me to set up ssl-vpn so he can access the company LAN and he also wants access to a RDP on a ipsec connection.
 
the ssl-vpn part is no problem, but the part that he wants to use rdp against the ipsec connection, the connection against the ipsec has be from the company LAN.
 
is VIP the way to go? if yes, please give me an example.
 
Thanx in advance :)
#1

3 Replies Related Threads

    Toshi Esumi
    Expert Member
    • Total Posts : 1170
    • Scores: 66
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: SSL-vpn -> LAN -> ipsec 2018/05/16 08:49:47 (permalink)
    0
    On SSL VPN side, if it's split-tunnel, you need to add RDP destination address or subnet to come though the SSL VPN tunnel.
    On IPSec side, you need to add SSL VPN's subnet to IPSec tunnel to pass-through on both local and remote sides, just like adding a new LAN subnet for the IPSec.
    #2
    zlimmen
    Bronze Member
    • Total Posts : 43
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/02/25 04:27:08
    • Status: offline
    Re: SSL-vpn -> LAN -> ipsec 2018/06/01 05:17:26 (permalink)
    0
    wow, I forgot about this post, sorry.
     
    the problem is that I do not have access to the ipsec on the other side, so the question is how to NAT ssl vpn trough the LAN to ipsec, so that the otherside thinks is is comming from company LAN.
     
    hopefully you understand my problem.
    #3
    Toshi Esumi
    Expert Member
    • Total Posts : 1170
    • Scores: 66
    • Reward points: 0
    • Joined: 2014/11/06 09:56:42
    • Status: offline
    Re: SSL-vpn -> LAN -> ipsec 2018/06/01 08:32:39 (permalink)
    0
    Then, reserve/exclude an IP from LAN DHCP (in case DHCP) and create an ippool like below and use it in a separate policy from ssl.root to IPSec interface.
    http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-transparent-54/3-Networking/2-NAT/2-SNAT.htm
     
    #4
    Jump to:
    © 2018 APG vNext Commercial Version 5.5