IPSEC tunnel Fortinet Transparent Mode to inside Fortinet firewall in NAT Mode does not respond to i

Posted by TrevJen on Server Fault
Published on 2010-03-25T22:05:38Z Indexed on 2010/03/25 22:13 UTC


I have 2 Fortinet firewalls (fully patched); fw1 is providing an IPsec tunnel in transparent mode. Beneath this firewall is fw2, a NAT firewall with a VIP address that has been confirmed to work. This configuration is required for my customers who want to connect to a public address space inside of the tunnel, in order to prevent crossover in IP space. This configuration works great for traffic going outbound to the remote side of the tunnel, but not inbound. While sniffing the traffic, I can see the inbound traffic going out of fw1, but it is never seen at fw2.

Cust Net > 10.1.1.100
                |
                |
                |
FW1      > TRANSPARENT IPSEC
                |
                |
                |
FW2 EXT  > 99.1.1.1.100-VIP
                |
FW2 NAT  > 192.1.1.100-NAT

© Server Fault or respective owner
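The post's core observation is that inbound flows leave fw1 on its inside interface but never appear at fw2, which is an asymmetric-visibility problem best confirmed by diffing captures taken on both boxes rather than by eyeballing them. The script below is an added example, not code from the post or from Fortinet: it parses capture lines in the style of FortiOS `diagnose sniffer packet <iface> '<filter>' 4` output from both firewalls, pairs each 5-tuple that fw1 forwarded toward the VIP with what fw2 saw arrive, and lists the flows that went dark in between. It also counts ARP requests for the VIP that received no reply on fw1's inside segment, since in transparent mode fw1 must resolve the VIP at layer 2 before it can deliver the decrypted packet; that check, the VIP address 99.1.1.100, the interface names, and all sample lines are assumptions constructed for the example.

```python
"""Diff FW1 egress against FW2 ingress from sniffer-style capture lines.

Added example (not from the Server Fault post). The capture lines below are
constructed to approximate FortiOS verbosity-4 sniffer output; the VIP
address, interface names and ARP heuristic are assumptions.
"""
import re
from collections import Counter

# "<time> <iface> <in|out> <src>.<sport> -> <dst>.<dport>: <proto ...>"
PKT_RE = re.compile(
    r"^(?P<ts>[\d.]+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+"
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+(?P<proto>\S+)"
)
# "<time> <iface> <in|out> arp who-has <ip> tell <ip>" / "arp reply <ip> is-at ..."
ARP_RE = re.compile(
    r"^(?P<ts>[\d.]+)\s+(?P<iface>\S+)\s+(?P<dir>in|out)\s+arp\s+"
    r"(?P<kind>who-has|reply)\s+(?P<ip>\d+(?:\.\d+){3})"
)
TCP_FLAGS = {"syn", "ack", "psh", "fin", "rst"}

# Constructed FW1 capture: two inbound flows decrypted off the tunnel and
# forwarded out port2 toward the VIP, plus ARP requests for the VIP.
FW1_CAPTURE = """\
1.001 wan1 in 10.1.1.100.40001 -> 99.1.1.100.443: syn 1000
1.002 port2 out 10.1.1.100.40001 -> 99.1.1.100.443: syn 1000
1.003 port2 out arp who-has 99.1.1.100 tell 99.1.1.1
1.100 port2 out arp who-has 99.1.1.100 tell 99.1.1.1
2.001 wan1 in 10.1.1.100.40002 -> 99.1.1.100.80: syn 2000
2.002 port2 out 10.1.1.100.40002 -> 99.1.1.100.80: syn 2000
"""

# Constructed FW2 capture: only the port-80 flow ever arrives and is NATed.
FW2_CAPTURE = """\
2.010 wan1 in 10.1.1.100.40002 -> 99.1.1.100.80: syn 2000
2.011 internal out 10.1.1.100.40002 -> 192.1.1.100.80: syn 2000
"""


def parse_capture(text):
    """Return (ip_packets, arp_events); lines that match neither pattern are skipped."""
    pkts, arps = [], []
    for line in text.splitlines():
        m = PKT_RE.match(line.strip())
        if m:
            d = m.groupdict()
            proto = d["proto"].rstrip(",")
            d["proto"] = "tcp" if proto in TCP_FLAGS else proto
            d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
            pkts.append(d)
            continue
        m = ARP_RE.match(line.strip())
        if m:
            arps.append(m.groupdict())
    return pkts, arps


def flow_key(p):
    """5-tuple used to match the same packet across two capture points."""
    return (p["src"], p["sport"], p["dst"], p["dport"], p["proto"])


def missing_flows(fw1_text, fw2_text, vip):
    """Flows FW1 forwarded (out) toward the VIP that FW2 never saw arrive (in)."""
    fw1_pkts, _ = parse_capture(fw1_text)
    fw2_pkts, _ = parse_capture(fw2_text)
    sent = {flow_key(p) for p in fw1_pkts if p["dir"] == "out" and p["dst"] == vip}
    seen = {flow_key(p) for p in fw2_pkts if p["dir"] == "in" and p["dst"] == vip}
    return sorted(sent - seen)


def unanswered_arp(capture_text, vip):
    """ARP requests for the VIP minus replies seen; >0 suggests nobody answers for it."""
    _, arps = parse_capture(capture_text)
    c = Counter(a["kind"] for a in arps if a["ip"] == vip)
    return max(c["who-has"] - c["reply"], 0)


if __name__ == "__main__":
    VIP = "99.1.1.100"  # assumed VIP address on FW2's outside interface
    for flow in missing_flows(FW1_CAPTURE, FW2_CAPTURE, VIP):
        print("left FW1 but never reached FW2:", flow)
    n = unanswered_arp(FW1_CAPTURE, VIP)
    if n:
        print(f"{n} ARP request(s) for {VIP} on FW1's inside segment got no reply")
```

Run it with real captures by replacing the two constructed strings with the sniffer output from each firewall (same filter on both, e.g. `host 99.1.1.100`). A flow listed as missing together with unanswered ARP requests points at layer-2 resolution of the VIP on the segment between the two boxes rather than at the tunnel itself, which is the distinction the post is trying to make.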
