Policy-based connection
To configure interconnection with a policy-based IPsec VPN - web-based manager:
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information and select OK.
   Incoming Interface: Select the virtual SSL VPN interface (ssl.root, for example).
   Source Address: Select the firewall address that represents the IP address range assigned to SSL VPN clients.
   Outgoing Interface: Select the FortiGate network interface that connects to the Internet.
   Destination Address: Select the address of the IPsec VPN remote protected subnet.
3. Configure inbound NAT from the CLI:
    config firewall policy
        edit 0
            set natinbound enable
    end
To configure interconnection with a policy-based IPsec VPN - CLI:
If, for example, you want to enable SSL VPN users to connect to the private network (address name OfficeAnet) through the OfficeA IPsec VPN, you would enter:
    config firewall policy
        edit 0
            set srcintf ssl.root
            set dstintf port1
            set srcaddr SSL_tunnel_users
            set dstaddr OfficeAnet
            set action ipsec
            set schedule always
            set service ALL
            set inbound enable
            set outbound enable
            set natinbound enable
            set vpntunnel OfficeA
    end
In this example, port1 is connected to the Internet.
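
To confirm that a configuration contains the settings this procedure relies on, the following added example (not part of the Fortinet documentation) parses a config firewall policy block and reports every ipsec-action policy sourced from ssl.root that lacks inbound, outbound, natinbound or a vpntunnel. The function names, the quoted-value layout of the sample and the policy IDs 1 and 2 are assumptions made for the example.

```python
import re
REQUIRED = ("inbound", "outbound", "natinbound")  # enabled in the page's CLI example

def parse_policies(text):
    """Return {policy_id: {setting: [values]}} from a 'config firewall policy' block."""
    policies, current, depth = {}, None, 0
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)] or [""]
        if tok[0] == "config":
            if depth or tok[1:] == ["firewall", "policy"]:
                depth += 1  # count nested blocks so their 'end' does not close ours
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit" and len(tok) > 1:
            current = policies.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None and len(tok) > 1:
            current[tok[1]] = tok[2:]
    return policies

def audit(policies, ssl_intf="ssl.root"):
    """Return {policy_id: [problems]} for ipsec-action policies sourced from ssl_intf."""
    findings = {}
    for pid, cfg in policies.items():
        if ssl_intf in cfg.get("srcintf", []) and cfg.get("action") == ["ipsec"]:
            findings[pid] = [f"{k} not enabled" for k in REQUIRED if cfg.get(k) != ["enable"]]
            if not cfg.get("vpntunnel"):
                findings[pid].append("vpntunnel not set")
    return findings

# Constructed sample: policy IDs 1 and 2 are made up; names are from the page's example.
SAMPLE = """config firewall policy
    edit 1
        set srcintf "ssl.root"
        set action ipsec
        set inbound enable
        set outbound enable
        set natinbound enable
        set vpntunnel "OfficeA"
    next
    edit 2
        set srcintf "ssl.root"
        set action ipsec
        set inbound enable
        set outbound enable
    next
end
"""
if __name__ == "__main__":
    print(audit(parse_policies(SAMPLE)))
```

An empty list for a policy ID means every checked setting is present; policies from ssl.root with a different action are not evaluated.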