baqir303
New Member
July 4, 2020
Solved

Fortigate behind the NAT and IPsec Remote Access VPN


Hi friends,

I have a scenario where a FortiGate firewall is behind NAT, meaning its WAN interface has a private IP which is then NATed by some higher-level network device to one public IP. From the Internet, using the public IP, I can access the firewall web interface, but when I configure an IPsec remote access VPN and try to connect with FortiClient VPN using the firewall's public IP, FortiClient is not able to connect to the firewall. I have tried from Windows and Android, but it is the same problem. If someone has any idea for solving this issue, then kindly guide me.

Thanks

    Best answer by enya90


    enya90 (Answer)
    New Member
    July 4, 2020

    Greetings,

    Did you check UDP port 4500?

     
    baqir303 (Author)
    New Member
    July 4, 2020
    Thanks for your response. Kindly explain about UDP port 4500: where should it be allowed in my scenario? When I connect my laptop to the external switch and try to connect to the private IP, it connects successfully, but when I try to connect to the public IP through the Internet, it fails. So should I check this port on the device which is performing the NAT?
    sw2090
    SuperUser
    July 7, 2020

    You have to forward 500/UDP (IPSec) and 4500/UDP (NAT-Traversal) from top down.

    That means the router with the public IP has to forward that to the private IP of your FGT (or the next hop between FGT and itself), so a connection to 500/UDP or 4500/UDP on the public IP can reach your FGT.
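
The forwarding described in the last reply, as an added example that is not part of the thread: an nftables ruleset for the upstream NAT device, assuming that device is a Linux router. The thread does not say what the device is, and the interface name `wan0`, the public address `203.0.113.10` and the FortiGate WAN address `192.168.1.2` are constructed placeholders.

```nft
# Assumed upstream NAT device: Linux router running nftables.
# wan0, 203.0.113.10 and 192.168.1.2 are placeholders, not values from the thread.

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # 500/UDP and 4500/UDP arriving on the public IP are rewritten
        # to the private WAN address of the FortiGate.
        iifname "wan0" ip daddr 203.0.113.10 udp dport { 500, 4500 } dnat to 192.168.1.2
    }
}

table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Return traffic for flows that were already allowed.
        ct state established,related accept

        # After DNAT the destination is the FortiGate's private address.
        # Only the two forwarded UDP ports are opened towards it.
        iifname "wan0" ip daddr 192.168.1.2 udp dport { 500, 4500 } accept
    }
}
```

No separate rule for ESP (IP protocol 50) is included because with NAT-Traversal the ESP packets are carried inside 4500/UDP. To confirm the packets reach the FortiGate, run `diagnose sniffer packet any 'udp port 500 or udp port 4500' 4` on it while the client connects.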