Fortigate to Cisco ASA IPSec tunnel with Outbound NAT

I am trying to setup a IPSec tunnel between my Azure cloud and a third party Cisco ASA device. I need to do an outbound NAT with a publicIP (no address space conflicts for the 3rd party).

I have deployed a Fortigate on Azure cloud, using the recipe in the Azure marketplace. Reference: https://azuremarketplace....-singlevm?tab=Overview This creates 2 subnets and 2 NICs on the Fortigate instance. NIC1 - port1 - PublicFacingSubnet (10.2.8.0/24) NIC2 - port2 - FortigateProtectedSubnet (10.2.0.0/24). I was searching through the forums and found https://forum.fortinet.co....aspx?m=136309&p=, which talks about outbound NAT. I am confused at this point as to which port should my Public IP for NAT be associated with port1 or port2?