Fortinet multiple WAN IP to several ports
I am assuming you want to continue to address your VPN gateway on IP address 1.1.1.1 as you do not want to make changes to every single client configuration. If this is the case, then you will have to use port-forwarding to forward traffic to the VPN device. The example below is for forwarding IPsec (UDP/500), but you can adapt it to forward SSL, etc. Note, your VPN appliance may also need to have NAT-T enabled in order for IKE traffic to traverse the firewall.
The below example assumes you have your VPN appliance plugged into one of the firewall's internal switch ports, but you can adapt the interface names as necessary (I have not tested this configuration).
Interface configuration:

config system interface
    edit "wan1"
        set ip 1.1.1.1 255.255.255.248
        ...
    next
    ...
    edit "internal"
        set ip 192.168.1.254 255.255.255.0
        ...
    next
end
Default route:

config router static
    edit XX
        set device "wan1"
        set gateway 1.1.1.6   # your Internet gateway IP
    next
    ...
end
Port forward VIP:

config firewall vip
    edit "VIP_IPsec"
        set extintf "wan1"
        set extip 1.1.1.1           # public address the clients dial
        set portforward enable
        set mappedip 192.168.1.1    # internal IP assigned to your RV082
        set protocol udp
        set extport 500
        set mappedport 500
    next
    ...
end
Port forward firewall policy:

# address object for the RV082, referenced by the outbound policy below
config firewall address
    edit "ip_192.168.1.1"
        set subnet 192.168.1.1 255.255.255.255
    next
end

config firewall policy
    edit XX
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "ip_192.168.1.1"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit XX
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "VIP_IPsec"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    ...
end
Once you do this, in theory the firewall will forward all requests on 1.1.1.1:500 to the VPN appliance and the reverse traffic will be NATed out of 1.1.1.1.
See how you go with that.

-- ab1

P.S. Not sure if you considered this, but your Fortigate firewall arguably has a more advanced VPN capability than the Linksys appliance and it might make sense to migrate.
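The answer above forwards one port to the RV082 on the first public address. The question also asks for the remaining public addresses to be tied to other physical ports with NAT. The configuration below is an added example, not ab1's code, showing how that is done on FortiOS: the answer's port-forward VIP extended with a second VIP for NAT-T (UDP/4500), a 1:1 VIP plus an IP pool so that a host behind a second port is reachable on, and sources traffic from, 1.1.1.2. Interface names (wan1, internal, internal2), the 192.168.x.x ranges and the service names are assumptions; on a 100D the internal ports belong to one hardware switch, so internal2 is assumed to have been removed from that switch and given its own subnet first.

```fortios
# Added example, not part of the original answer. Assumed names: wan1,
# internal, internal2, 192.168.1.0/24 and 192.168.2.0/24.

# Address object used by the outbound policy for the RV082.
config firewall address
    edit "ip_192.168.1.1"
        set subnet 192.168.1.1 255.255.255.255
    next
end

config firewall vip
    # IKE (UDP/500) to the RV082, as in the answer.
    edit "VIP_IPsec_500"
        set extintf "wan1"
        set extip 1.1.1.1
        set portforward enable
        set protocol udp
        set extport 500
        set mappedip 192.168.1.1
        set mappedport 500
    next
    # NAT-T (UDP/4500): needed once the RV082 sits behind the FortiGate's NAT.
    edit "VIP_IPsec_4500"
        set extintf "wan1"
        set extip 1.1.1.1
        set portforward enable
        set protocol udp
        set extport 4500
        set mappedip 192.168.1.1
        set mappedport 4500
    next
    # Static 1:1 NAT for the second public address: inbound traffic for
    # 1.1.1.2 is translated to the host on internal2. Which ports are
    # actually reachable is decided by the policy's "service" below.
    edit "VIP_1to1_1.1.1.2"
        set extintf "wan1"
        set extip 1.1.1.2
        set mappedip 192.168.2.1
    next
end

# IP pool so outbound traffic from 192.168.2.1 leaves as 1.1.1.2 instead
# of the wan1 interface address.
config firewall ippool
    edit "pool_1.1.1.2"
        set type one-to-one
        set startip 1.1.1.2
        set endip 1.1.1.2
    next
end

config firewall policy
    # Inbound to the second public IP. Keep "service" to what the host
    # serves (HTTPS here is an assumed example) rather than ALL.
    edit XX
        set srcintf "wan1"
        set dstintf "internal2"
        set srcaddr "all"
        set dstaddr "VIP_1to1_1.1.1.2"
        set action accept
        set schedule "always"
        set service "HTTPS"
    next
    # Outbound from internal2, source-NATed to 1.1.1.2 through the pool.
    edit XX
        set srcintf "internal2"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "pool_1.1.1.2"
    next
end
```

Repeat the VIP, pool and policy pair for 1.1.1.3 through 1.1.1.5, one per port. Once in place, `diagnose sniffer packet wan1 'udp and port 500'` while a client dials in shows whether the forwarded IKE packets arrive on wan1 and leave towards the RV082, which is the quickest way to confirm the VIP and inbound policy match.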
Updated on September 18, 2022

Comments

- Cy. over 1 year:
I have a 5 public IP address range. (ie: 1.1.1.1 to 1.1.1.5)
I would like to assign the first to port 1 transparently in a way that a VPN router (RV082) could connect via it and respond transparently.
I want to assign the rest with NAT to every subsequent port. (ie: port 2. 1.1.1.2)
How could I achieve this?
Edit:
Network topology:
WAN Ethernet cable plugged into WAN1 on a Fortigate 100D, configured as a router with NAT for the first IP xx.xx.xx.1.
The WAN public IP range consists of 5 IP addresses (xx.xx.xx.1 to 5).
I have an RV082 that was plugged in as the router of the network using the IP xx.xx.xx.1, but after receiving the 100D Fortigate I've plugged it in to be the main controlling device of the network, to assign the 5 different WAN IP addresses to different ports transparently, in such a way that, for example, the RV082 can connect as it behaved before while the other ports on the 100D can be used with different IPs.
- ab77 over 10 years: Could you please expand your question as much as possible, including your network topology, etc.