Visitor III

Question

Connexion fail VPN Fortigate local to Fortigate AWS

Forum|Forum|3 years ago
June 30, 2022
1 reply
1205 views

Hello everyone,

I have a little problem I can not properly configure my local Fortigate VPN on Vmware on my AWS Fortigate. (I followed this: https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/881566/connecting-a-local-fortigate-to-an-aws-fortigate-via-site-to-site-vpn)

Here’s the infrastructure I have

On the AWS Fortigate part:

What I get:

My security entry group for the fortigate AWS:

(I don’t know if I need to add a route to my subnet)

On the Local part Vmware Fortigate:

What I get:

My local Fortigate can ping my AWS Fortigate.

Thank you in advance for your answers

ssudhakar

Staff

Hi there :

From the doc that you have attached, It says that the NAT config on AWS side should be set to This site is behind NAT. I see that you have set it to the remote site is behind NAT.

https://docs.fortinet.com/document/fortigate-public-cloud/6.2.0/aws-administration-guide/881566/conn...

To create a VPN on the AWS FortiGate to the local FortiGate:

For NAT Configuration, select This site is behind NAT. This is the correct configuration since the AWS FortiGate has an elastic IP address. Click Next.

Can you please change it to This site is behind NAT and see if it works?

Thank you,

Hope

robinsonbAuthor

Visitor III

Hello Sudhakar,

I think they are mistaken since there are not the same fields to fill on the part
Site behind nat and remote site behind nat.
He explains that it is necessary to fill the incoming interface or this one can only fill it on the part and that the remote site is behind nat.

To create a VPN on the AWS FortiGate to the local FortiGate:

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded