Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mvthul
New Contributor

Created on ‎07-01-2022 07:12 AM

ISP Subnet available on VLAN without NAT

Hi i need some help.
I got a customer where we are migrating there current VOIP platform to a new one.
For the new VOIP devices we ordered a IPVPN (Private ISP subnet)
Were trying to handout that subnet from the ISP 192.168.110.2/255.255.255.0 to our VLAN 110 devices.
But i cant get it to work.

Any one got any idea how to implement this?

Help would be great!

 

IPVPN.jpg

 

Labels:
1052
0 Kudos
8 REPLIES 8
Anonymous
Not applicable

Created on ‎07-06-2022 11:57 AM

Hello @Mvthul ,

 

Thank you for posting on Fortinet Community Forum. As per your configuration, this will not work as you are trying to the same subnet for the trunk interface(internal 3) and the sub-interface(VLAN 110).

 

You would have to change the IP subnet on the trunk instead.

 

Thanks,

1038
0 Kudos
Mvthul
New Contributor
In response to Anonymous

Created on ‎07-06-2022 12:02 PM

So it’s not possible to make the IP subnet coming in on internal 3 to VLAN 110 ? Even with overlapping subnets on? We need to get those devices in VLAN 110 in the 192.168.110.0/24 subnet some how. I know draytek calls it the IP routed subnet feature. But can Fortigate do this also somehow?

1036
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Mvthul

Created on ‎07-06-2022 12:05 PM

It's possible but has to be a separate subnet. I'm not sure how IPVPN works but I would assume they use a separate subnet from the main interface one. Are your sure about this?

 

Toshi

1031
0 Kudos
Mvthul
New Contributor
In response to Toshi_Esumi

Created on ‎07-06-2022 12:30 PM Edited on ‎07-06-2022 12:31 PM

Interface3 is 192.168.110.2/255.255.255.255

But we got the whole subnet available 192.168.110.0/255.255.255.0 for our devices(from KPN RoutIT). It’s a private connection for our voip devices within the network of KPN. But they need to be in the same subnet without NAT for best experience.

1024
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Mvthul

Created on ‎07-06-2022 12:35 PM Edited on ‎07-06-2022 12:36 PM

The whole subnet the /24 is bound to the non-tagged interface. Each VLAN (tagged-interface) on the same physical interface are just different interfaces, which need to have a different subnet each.
Generally the same thing happens on the ISP's device side. So when they provide another interface with a different VLAN tag, they have to assign a different subnet.

 

Toshi

1019
0 Kudos
Mvthul
New Contributor
In response to Toshi_Esumi

Created on ‎07-06-2022 12:37 PM

670F4ED5-2168-47FE-ADB1-899E01F6A9B2.jpeg

 look at this as example!

1018
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎07-06-2022 12:47 PM

I don't think you can do the same with an FGT.  Or replace the DrayTek device with an FGT.

 

Toshi

1014
0 Kudos
Mvthul
New Contributor
In response to Toshi_Esumi

Created on ‎07-06-2022 01:31 PM

Thanks for ur reply! Ill think of a other solution.

1006
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.