VPN NAT source IP

mariocova
2020/02/10 09:05:48 (permalink) 6.0

Hi,
 
Maybe this thread is very basic but after reading a lot of documentation I can't determine how to solve it.
We are trying to set up a VPN to reach our customer.
 
The client asked us to NAT our internal subnet (10.120.30.0/24) to the IP 172.40.239.121. To have the VPN up and running, we created a policy with source 172.40.239.121 and destination the IP addresses of the internal subnet of our customer. The tunnel is now UP; however, we don't really know how to NAT our internal subnet (10.120.30.0/24) to the IP 172.40.239.121.
 
Can you please guide us?
 
Thanks in advance
 
FortiGate 100E
v6.0.2 build0163 (GA)
 
 
 
 
#1


    rwpatterson
    Re: VPN NAT source IP 2020/02/10 11:36:05 (permalink)
    If that IP is not being used anywhere in your environment, you could create an IP pool with that one address and assign it to the policy. I have seen IP pool entries killing the existence of the IP in other places in the firewall in the past. Use with testing and caution.
    post edited by rwpatterson - 2020/02/10 11:46:14

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #2
    emnoc
    Re: VPN NAT source IP 2020/02/10 13:05:05 (permalink)
    Yes, an ippool is ideal:
     
    config firewall policy
    edit 1892
    set srcintf "LAN1"
    set dstintf "PUPVPN"
    set srcaddr "NET01" "NET02" "NET03"
    set dstaddr "CUST788_REMOTE-028"
    set action accept
    set schedule "always"
    set service "ALL"
    set ippool enable
    set poolname "CORP-to-CUSTID788"
    set nat enable
    next
    end
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #3
    mariocova
    Re: VPN NAT source IP 2020/02/10 14:09:25 (permalink)
    Hi,
     
    Thanks for your reply.
     
    In your example, is the srcaddr "NET01" "NET02" "NET03" related to our internal subnet, and is the dstaddr "CUST788_REMOTE-028" the customer subnet? Where is the NAT done between our internal subnet and the NAT IP that we should use?
     
    Thanks
     
    #4
    mauros
    Re: VPN NAT source IP 2020/02/28 04:51:20 (permalink)
    Jumping in since I have the same problem: with the customer we agreed on two IP pools (one per side), and I could configure that on my side, but they asked to hide that pool behind a specific IP of that pool... How can I obtain that configuration?
    #5