renanrdrigues
Explorer
August 14, 2025
Question

AWS delivering an internal IP address over the WAN


I have a question:

We have FortiGate on AWS, and the WAN IP is delivering the AWS public IP:

[Screenshot: Captura de tela 2025-08-14 160109.png]

 

However, a LAN IP is configured on the FortiGate interface:

[Screenshot: Captura de tela 2025-08-14 160416.png]

 

To set up an IPsec VPN, I obviously have to point to “WAN IP” 54, but how will this communication work if the WAN interface has a LAN IP? Do I need to enable the secondary IP as 54..?

1 reply

ozkanaltas
Valued Contributor III
August 15, 2025

Hello @renanrdrigues ,

 

There is no need to configure a public IP address as a secondary IP, because AWS NATs this public IP address to a private IP address. Because of that, you can create the IPsec tunnel with your public IP address. But you should configure NAT-T in the IPsec configuration.
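
Why NAT-T is needed in the setup described above, as an added example that is not part of the original thread: a Python illustration of IKEv2 NAT detection (RFC 7296, section 2.23), where the FortiGate hashes the private IP on its interface and the peer recomputes the hash from the public source address it actually sees. All addresses, ports and SPIs are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import ipaddress
import struct

# All addresses and SPIs below are constructed sample values.
FGT_PRIVATE = ("10.0.1.10", 500)     # IP actually set on the FortiGate WAN port
FGT_PUBLIC = ("203.0.113.54", 500)   # public IP that AWS maps 1:1 to it
PEER = ("198.51.100.20", 500)        # remote gateway, not behind NAT
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)                     # responder SPI is zero in the first message


def nat_detection_hash(spi_i, spi_r, ip, port):
    """SHA-1(SPIi | SPIr | IP address | port), RFC 7296 section 2.23."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def build_notifies(spi_i, spi_r, local, remote):
    """Hashes the sender puts in NAT_DETECTION_SOURCE_IP / _DESTINATION_IP."""
    return (nat_detection_hash(spi_i, spi_r, *local),
            nat_detection_hash(spi_i, spi_r, *remote))


def check_received(spi_i, spi_r, src_hash, dst_hash, seen_src, seen_dst):
    """Receiver recomputes both hashes from the packet's real IP/UDP headers."""
    sender_natted = src_hash != nat_detection_hash(spi_i, spi_r, *seen_src)
    receiver_natted = dst_hash != nat_detection_hash(spi_i, spi_r, *seen_dst)
    return {
        "sender_behind_nat": sender_natted,
        "receiver_behind_nat": receiver_natted,
        # Any NAT on the path moves IKE and ESP-in-UDP to port 4500 (NAT-T).
        "ike_port": 4500 if sender_natted or receiver_natted else 500,
    }


def fortigate_to_peer():
    """FortiGate hashes its private IP; the peer sees the AWS public IP."""
    src_hash, dst_hash = build_notifies(SPI_I, SPI_R, FGT_PRIVATE, PEER)
    return check_received(SPI_I, SPI_R, src_hash, dst_hash, FGT_PUBLIC, PEER)


if __name__ == "__main__":
    print(fortigate_to_peer())
```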