Hub-spoke OCVPN with inter-overlay source NAT

This topic shows a sample configuration of hub-spoke OCVPN with inter-overlay source NAT. OCVPN isolates traffic between overlays by default. With NAT enabled on spokes and assign-ip enabled on hub, you can have inter-overlay communication.

Inter-overlay communication means devices from any source addresses and any source interfaces can communicate with any devices in overlays' subnets when the overlay option assign-ip is enabled.

You must first disable auto-discovery before you can enable NAT.

License

Free license: Hub-spoke network topology not supported.
Full License: Maximum of 2 hubs, 10 overlays, 64 subnets per overlay; 1024 spokes, 10 overlays, 16 subnets per overlay.

Prerequisites

All FortiGates must be running FortiOS 6.2.0 or later.
All FortiGates must have Internet access.
All FortiGates must be registered on FortiCare using the same FortiCare account.

Restrictions

Non-root VDOMs do not support OCVPN.

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Table of Contents

Administration Guide

Hub-spoke OCVPN with inter-overlay source NAT

License

Prerequisites

Restrictions