How to pass an only IP between VPN Site-to-site vs Fortinet

ocuevas
Here to help

How to pass an only IP between VPN Site-to-site vs Fortinet

Hi community

 

I've a problem with VPN non-meraki vs Fortinet.

 

I need pass only IP to match with Forti, but meraki only allows pass subnets, no IPs, and I don't knwo how do to fix that.

 

RegardsCaptura.PNG

8 Replies 8
Nash
Kind of a big deal

Pass the entire subnet, then setup a site-to-site VPN firewall rule to only allow traffic between the authorized IP addresses.

 

Note that it LOOKS like there's an inbound firewall section, but there's not. There's only outbound rules.

ocuevas
Here to help

Hi dear Nash.

 

Thanks for your request, but the problem is with the Fortinet, because it has not change this, it send only an IP, not a subnet.

 

Regards

Nash
Kind of a big deal

The Fortinet will need to send the full subnet in order for the tunnel to come up. Sorry. 😕 It's a real bummer, and not as secure/granular as I would like.

ocuevas
Here to help

Hi Nash.

 

Thanks for all.

 

I'll call to Fortinet.

 

Regards

BrechtSchamp
Kind of a big deal

What do you mean by "only an IP". You can setup tunnels with (one or multiple) /32 subnets which are a single IP?

Nash
Kind of a big deal

@BrechtSchamp The Meraki end will send its full subnet, won't it? Remote end can totally be a /32.

 

I think I was assuming that @ocuevas wanted to send only a single /32 IP from the Meraki end to the Fortigate end.

BrechtSchamp
Kind of a big deal

Ah yes I see. I forgot that the local subnet isn't specified in the configuration but rather automatically used.

brad1
Here to help

I would contact Fortinet and ask them what they would suggest.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels