Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
adamsf1
New Contributor II

SSL-VPN Public IP

Hi Guys,

 

I been looking at making this change for some time now but would like some advice on the best way to get this done.

I have looked through the forums and some CB but the best advice is that from an FG pro.

our public IP in the office is 196.x.x.x.

 

when our users dial-up to the SSL-VPN they able to access our office servers.

when they dial into the VPN the FG assigns them a local IP of 10.212.x.x. and their public IP does not change to the office IP.

I am looking for a way of giving the users the same IP as our office is this possible?

 

15 REPLIES 15
rwpatterson
Valued Contributor III

Welcome to the forums.

 

You need to be a bit more specific. The users IP address will never change. You need to tell us under which context you wish to have their address appearance changed.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
adamsf1
New Contributor II

So when user 1 connects to the ssl-vpn he still has his public IP wich is for eg. 105.12.x.x

I am needing to set up the SSL-VPN so when user 1 connects, his IP would change to the office IP witch is 196.22.x.x

 

Some of our servers are sitting in AWS and we find our selfs whitelisting IPs when these users are outside of the office.

 

we have a RAS Setup on a windows server that works on L2TP but I am hoping to get rid of this server and making use of the FortiGate instead.

I did disable split tunnelling as some forums recommend but after I disable split tunnelling I can only hit the local LAN.

 

 

rwpatterson
Valued Contributor III

You need to create a policy from SSL-VPN to the Internet with NAT enabled. If you do not include an IP pool, the default WAN address will be used, hopefully fulfilling your initial request. You will need also a static route to the SSL subnet with those addresses so that return traffic knows where to go. You may have already done that part.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
jorge_americo

NSE-4
rwpatterson
Valued Contributor III

With split tunnel, the remote user gets to the Internet using his own IP address and ISP. What the OP posted is that he did not want to do that.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
jorge_americo

Exactly, by default, split is enabled. what he wants is to "undo" the split, no?

I wrote about split. to better understand the solution and identify if that is the issue.

NSE-4

NSE-4
rwpatterson
Valued Contributor III

adamsf1 wrote:
I did disable split tunnelling as some forums recommend but after I disable split tunnelling I can only hit the local LAN.
This is what I was referring to.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
jorge_americo

If the split has disabled. and still whith 105.12.x.x are two options.:

 

Or split isn't disable.

Or use a Proxy.

NSE-4

NSE-4
adamsf1

thanks, jorge and rwpatterson for your help.

 

so yesterday I disabled the split tunnelling again.

I created a new policy that allows traffic out to the internet on wan2 instead of the internal policy set.

some traffic did flow in - out and I could send and receive whatsapps on my web browser(so strange)

but still can't load a page, still not getting the IP 196.x.x.x.

I did an mtr and seems like I can only hit that 10.213.x.x. IP that the FG issues to the SSL VPN users.

Labels
Top Kudoed Authors