yegget
New Member
January 13, 2025
Question

IPSec Site To Site VPN

  • 3 replies
  • 1040 views

I have a very short question for you all. I have two Fortigate firewalls, both behind NAT. Am I still able to create an IPSec site-to-site tunnel? It doesn't seem to be listed as a valid configuration anywhere, not in the templates and not on the internet as far as I have searched. I am in control of both NAT routers and both have static, full-stack IPs.

3 replies

funkylicious
SuperUser
January 13, 2025
"jack of all trades, master of none"
dingjerry_FTNT
Staff
January 13, 2025

Hi @yegget,

If both FGTs can talk to each other via NATted IPs, yes.

For example:

Site A has 192.168.10.1, NATted IP 1.1.1.1

Site B has 10.10.10.1, NATted IP 2.2.2.2

In Phase1 settings:

Site A: Local Gateway - 192.168.10.1 / Remote Gateway 2.2.2.2

Site B: Local Gateway - 10.10.10.1 / Remote Gateway 1.1.1.1

Enable NAT Traversal in phase 1 settings.

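The layout dingjerry_FTNT describes, written out as FortiOS CLI for Site A. This is an added example, not configuration from the thread or from Fortinet; the interface name "wan1", the tunnel name "to-siteB", the /24 LAN subnets, the proposals and the PSK placeholder are assumptions. The one prerequisite outside the FortiGate is on each NAT router: forward UDP/500 (IKE) and UDP/4500 (NAT-T) to the FortiGate's private WAN address. ESP (IP protocol 50) needs no forwarding rule, because with NAT-T enabled it is carried inside UDP/4500.

```fortios
# Added example (not from the thread): Site A FortiGate behind a NAT router.
# Site A private WAN address 192.168.10.1, public (NATted) 1.1.1.1.
# Site B private WAN address 10.10.10.1,  public (NATted) 2.2.2.2.
# Assumed: interface "wan1", LAN 192.168.10.0/24 at A, 10.10.10.0/24 at B.

config vpn ipsec phase1-interface
    edit "to-siteB"
        # Port that carries the private 192.168.10.1 address.
        set interface "wan1"
        set ike-version 2
        # Local gateway is the FortiGate's own pre-NAT address ...
        set local-gw 192.168.10.1
        # ... remote gateway is the other site's public NATted IP.
        set remote-gw 2.2.2.2
        set peertype any
        set net-device disable
        set proposal aes256-sha256
        set dhgrp 14
        # Required: both peers sit behind NAT. IKE detects the translation
        # and switches ESP to UDP/4500 encapsulation.
        set nattraversal enable
        # NAT-T keepalive (seconds) so the router's UDP mapping stays open.
        set keepalive 10
        set dpd on-idle
        # Placeholder: replace with the shared secret used on both sides.
        set psksecret <PSK_PLACEHOLDER>
    next
end

config vpn ipsec phase2-interface
    edit "to-siteB-p2"
        set phase1name "to-siteB"
        set proposal aes256-sha256
        set dhgrp 14
        set pfs enable
        set auto-negotiate enable
        # Selectors use the real LAN subnets, not the NATted addresses.
        set src-subnet 192.168.10.0 255.255.255.0
        set dst-subnet 10.10.10.0 255.255.255.0
    next
end

# Route Site B's LAN into the tunnel interface.
config router static
    edit 0
        set dst 10.10.10.0 255.255.255.0
        set device "to-siteB"
    next
end

# Site B mirrors this with local-gw 10.10.10.1, remote-gw 1.1.1.1,
# src-subnet 10.10.10.0/24 and dst-subnet 192.168.10.0/24.
```

Firewall policies between the LAN interface and "to-siteB" are still needed in both directions; scope them to the two subnets rather than "all" so the tunnel only carries the traffic it was built for. Once both sides are up, `diagnose vpn ike gateway list` on either FortiGate shows the negotiated gateway and whether NAT was detected for the local and the peer side, which is the quickest way to confirm the NAT-T path is in use rather than raw ESP.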

lokenbo2
New Member
January 13, 2025

You can always look at the logs and analyze the traffic going over the tunnel and start weeding out traffic that you know you don't want, or look for traffic that you do want. Pretty vague, but it's a start.