fortinetuser2020
New Contributor

hi guys, a routing issue with vdoms and emac

situation is this :

i have a fortigate 6.0.5. the first vdom holds the main wan connection

the first vdom has an ip pool directly from the ISP of (example) 1.1.1.1/27. the gateway of that pool is for this example 20.20.20.20.

so if i go into the interface and add secondary ip of 1.1.1.2/27 and 1.1.1.3/27, everything is good, working, pinging and whatnot.

now, secondly i have another ip pool that the ISP has routed into my first IP of 1.1.1.1. that second pool is 2.2.2.2/26. so if i go to the main wan interface and add 2.2.2.3/26 and so on, also... everything is fine.

 

now comes the second vdom

i've used emac to do a wan connection for it. meaning, i've set up an interface that is connected to this new vdom with 1.1.1.2/27 (the next ip of the main IP pool) and based it on the physical wan interface. so the emac allows me to work with it. it has the same static routing to the internet. it goes 0.0.0.0 via 20.20.20.20 exactly like the main wan. so far so good, everything works just fine. the emac reflects the physical interface just fine. if i'd add 1.1.1.3 and 1.1.1.4 to that emac everything will work fine because it reflects the physical interface.

 

background is finished, now comes the problem :)

as you remember, the ISP routed another ip pool only to my main and first IP that is 1.1.1.1

is there a way for me to do some internal routing that will allow me to use ip's from 2.2.2. on the 1.1.1.2 wan emac interface?

 

i know i can do that with vdom links and 1:1 nats, but vdom links don't do multiple ip's, so if i want to take 20 ips from 2.2.2., i'd need 20 vdom links and 40 policies just for that.

any ideas?
