FortiGate IPSec VPN NAT

This may be useful when setting up an IPSec VPN between two customers: it allows you to NAT your source address to one provided by the remote LAN administrator.

Tunnel Mode

    config vpn ipsec phase2
        edit <phase2>
            set use-natip disable
    end

    config firewall policy
        edit <ipsec policy>
            set natip <ip> <subnet>
    end

Interface Mode

Create an IP pool: <ip> <subnet>, Interface = internal

On the specific policy…

    Enable NAT
    Select the IP pool created
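
A CLI sketch of the interface-mode steps above, added here as an example and not taken from the original post. It assumes recent FortiOS syntax (older releases differ, for example in binding the pool to an interface); the pool name, interface names, address objects and the 192.0.2.10 address are constructed placeholders, so substitute the address assigned by the remote LAN administrator.

```fortios
# Constructed example: every name and address below is a placeholder.
# 1. IP pool holding the source address assigned by the remote side.
config firewall ippool
    edit "vpn-snat-pool"
        set startip 192.0.2.10
        set endip 192.0.2.10
    next
end

# 2. Policy from the LAN to the tunnel interface, with source NAT
#    drawn from the pool instead of the outgoing interface address.
#    "local-lan" and "remote-lan" are address objects assumed to exist.
config firewall policy
    edit 0
        set srcintf "internal"
        set dstintf "to-remote"
        set srcaddr "local-lan"
        set dstaddr "remote-lan"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "vpn-snat-pool"
    next
end
```

Keeping the pool to the single assigned address and the policy scoped to the remote LAN limits the translation to traffic that actually enters the tunnel.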
