Chapter 16 SSL VPN for FortiOS 5.0 : Basic Configuration : Configuring security policies : Enabling a connection to an IPsec VPN : Policy-based connection
  
Policy-based connection
To configure interconnection with a policy-based IPsec VPN - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. Select the Policy Type as VPN and leave the Policy Subtype as IPsec.
3. Enter the following information and select OK.
Local Interface: Select the virtual SSL VPN interface, ssl.root, for example.
Local Protected Subnet: Select the firewall address that represents the IP address range assigned to SSL VPN clients.
Outgoing VPN Interface: Select the FortiGate network interface that connects to the Internet.
Remote Protected Subnet: Select the address of the IPsec VPN remote protected subnet.
VPN tunnel: Select the Phase 1 configuration name of your IPsec VPN.
Allow traffic to be initiated from the remote site: Enable
NAT inbound: Enable
4. Configure inbound NAT from the CLI:
    config firewall policy
        edit 0
            set natinbound enable
    end
To configure interconnection with a policy-based IPsec VPN - CLI
If, for example, you want to enable SSL VPN users to connect to the private network (address name OfficeAnet) through the OfficeA IPsec VPN, you would enter:
    config firewall policy
        edit 0
            set srcintf ssl.root
            set dstintf port1
            set srcaddr SSL_tunnel_users
            set dstaddr OfficeAnet
            set action ipsec
            set schedule always
            set service ALL
            set inbound enable
            set outbound enable
            set natinbound enable
            set vpntunnel toOfficeA
    end
In this example, port1 is connected to the Internet.
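A read-only check for the settings listed above, as an added example that is not part of the Fortinet documentation: it parses policy text in the style of show firewall policy output and reports SSL VPN to IPsec policies where natinbound or inbound is not enabled, or where srcaddr is the built-in all address instead of the SSL VPN client range. The sample configuration and the policy IDs 5 and 7 are constructed, and a flat policy block with no nested config sections is assumed.

```python
# Constructed sample: policy 5 follows the page's CLI example (trimmed); 7 is a hypothetical drifted copy.
SAMPLE = '''config firewall policy
    edit 5
        set srcintf "ssl.root"
        set srcaddr "SSL_tunnel_users"
        set action ipsec
        set inbound enable
        set natinbound enable
        set vpntunnel "toOfficeA"
    next
    edit 7
        set srcintf "ssl.root"
        set srcaddr "all"
        set action ipsec
        set vpntunnel "toOfficeA"
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {option: value}} from a flat 'config firewall policy' block."""
    policies, current, inside = {}, None, False
    for line in text.splitlines():
        words = line.replace('"', "").split()
        if words[:3] == ["config", "firewall", "policy"]:
            inside = True
        elif inside and words[:1] == ["edit"] and len(words) > 1:
            current = policies.setdefault(words[1], {})
        elif inside and words[:1] == ["set"] and current is not None and len(words) > 2:
            current[words[1]] = " ".join(words[2:])
        elif words[:1] == ["end"]:
            inside, current = False, None
    return policies

def audit(text, ssl_intf="ssl.root"):
    """List (policy_id, problem) for SSL VPN to IPsec policies that differ from the page's settings."""
    findings = []
    for pid, p in parse_policies(text).items():
        if p.get("action") != "ipsec" or p.get("srcintf") != ssl_intf:
            continue  # not an SSL VPN to policy-based IPsec policy
        if p.get("natinbound") != "enable":
            findings.append((pid, "natinbound is not enabled"))
        if p.get("inbound") != "enable":
            findings.append((pid, "inbound is not enabled"))
        if p.get("srcaddr", "all") == "all":
            findings.append((pid, "srcaddr is not limited to the SSL VPN client range"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```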
See Also
Route-based connection
Firewall addresses
Create an SSL VPN security policy
Create a tunnel mode security policy
Split tunnel Internet browsing policy