Unidirectional NAT through IPSEC tunnel.
We have configured an interface-based VPN to the remote client (Palo Alto FW). The tunnel is up and working fine.
Now the customer has asked us to implement NAT for all of my subnets currently connected to my FortiGate (including the Dialup VPN users subnet).
That is, the sources (prod, Training, Dialup VPN users) are to be NATed to a single IP (172.16.100.x/32) and then go into the IPsec tunnel, so that on the remote side only a single IP is visible to them (i.e. 172.16.100.x/32).
As the traffic is only unidirectional, I am following the solution provided in this KB: https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33885&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=129474053&stateId=0%200%20168934167%27)
Now, my question is this: I have different subnets like 172.16.10.x/24, 10.10.10.x/24 and the Dialup subnet (10.80.10.x/24), and I want to NAT them to a single IP, say 172.16.100.x/32, so that the remote side can see only one IP. Is this possible?
The second question is this: do I need to change my current route-based VPN in order to implement the above requirement by selecting the post-NAT IP in the phase 2 selectors, or do I need to create a new policy-based VPN to implement the scenario mentioned above?