papapuff
New Member
November 13, 2017
Question

ask - IPSEC without IP Public for internet connection


Hi there,

Need help please. We have 2 FG60D and 2 FG30E.

We would like to create an IPsec VPN with these conditions:

1. Main branch: uses the FG 60D and has an internet connection with a dynamic public IP.

2. Other branches: use an internet connection with a private IP from the internet provider.

Is there specific guidance for creating an IPsec VPN between the main branch and the other branches?

Thanks in advance.

    2 replies

    emnoc
    New Member
    November 13, 2017

    Yes, that's doable. You want dynamic VPN. Since the address is private, you want at the branches:

       peer-id (optional)
       NAT-T with keepalive for UDP.4500
       aggressive mode

    At the main-ofc:

        it would be a responder only.
        you can run ospf over the interfaces in route-mode
        aggressive mode


    papapuff (Author)
    New Member
    December 7, 2017

    Hi Emnoc,

    Sorry for the late reply.

    I am trying to understand you, but it seems my knowledge is not deep enough.

    Anyway, could you please give more guidance? Perhaps step by step. From there I can understand more.

    Thank you.

    Mitch_111
    New Member
    December 7, 2017

    Hi,

    Use the DDNS feature from Fortinet in the branch.

        config system ddns
            edit 1
                set ddns-server FortiGuardDDNS
                set ddns-domain "branch1.fortiddns.com"
                set monitor-interface "wan1"
            next
        end

    In the main office, use that name as the VPN endpoint and set the type to "Dynamic DNS".

    Cheers

    Michael

    papapuff (Author)
    New Member
    December 8, 2017

    Hi Michael,

    Thanks for your reply.

    As I understand from your reply, DDNS also applies to a private IP (behind NAT). Is that correct?

    Outside of this question: can a commercial DDNS like DynDNS also be used with this method?

    AlexFeren
    New Member
    December 12, 2017

    papapuff wrote:

    As I understand from your reply, DDNS also applies to a private IP (behind NAT). Is that correct?

    Read "Dynamic DNS over VPN concepts" section in FortiOS Handbook.
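
A phase 1 sketch of the design discussed in this thread (main office as dial-up responder, branches behind provider NAT as initiators), added here as an example and not taken from any poster or from Fortinet documentation. It assumes the DDNS name is registered by the main office, since that is the side with a public address; the tunnel names, the peer ID `branch1`, the proposal and all `<...>` values are placeholders, lines starting with `#` are annotations for the reader, and phase 2, routes and firewall policies are not shown.

```fortios
# ---- Main office (FG-60D, dynamic public IP) ----
# Publish the changing public address under a name the branches can dial.
config system ddns
    edit 1
        set ddns-server FortiGuardDDNS
        set ddns-domain "<main-office-name>.fortiddns.com"
        set monitor-interface "wan1"
    next
end

# Dial-up (responder-only) phase 1: no remote gateway is configured,
# because the branch arrives from an unknown, NATed address.
config vpn ipsec phase1-interface
    edit "dial-branch1"
        set type dynamic
        set interface "wan1"
        set mode aggressive
        # Accept only the peer that presents this ID.
        set peertype one
        set peerid "branch1"
        set nattraversal enable
        set keepalive 10
        set proposal aes256-sha256
        # Aggressive mode exposes a PSK-derived hash to anyone observing the
        # exchange, so use a long random secret, unique per branch.
        set psksecret <long-random-secret-branch1>
    next
end

# ---- Branch (FG-30E, private IP behind provider NAT) ----
# The branch always initiates and resolves the main office by its DDNS name.
config vpn ipsec phase1-interface
    edit "to-main"
        set type ddns
        set remotegw-ddns "<main-office-name>.fortiddns.com"
        set interface "wan1"
        set mode aggressive
        set localid "branch1"
        # NAT-T moves IKE/ESP to UDP 4500; keepalives hold the NAT mapping open.
        set nattraversal enable
        set keepalive 10
        set proposal aes256-sha256
        set psksecret <long-random-secret-branch1>
    next
end
```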