Skip to main content
Bognad
Bognad
New Member
January 27, 2021
Question

NAT-Traversal how enable on FortiGate

  • January 27, 2021
  • 1 reply
  • 30043 views

Hi everyone!         I use only ipsec clients on LAN. How to enable NAT-traversal on Fortigate NAT?  I have no config ipsec on my FOrtigate.

    1 reply

    sw2090
    SuperUser
    sw2090
    SuperUser
    January 27, 2021

    On FortiGate NAT-T is a Setting of the IPSec Tunnel. It can be enabled in there. 

    I am not sure if the wizard provides that upon creating a tunnel. Maybe you have to convert it into a custom tunnel after having created it to get access to the option.

    Bognad
    BognadAuthor
    New Member
    January 28, 2021

    Hi sw2090!

    Fortigate does not support work IPSEC RA via NAT?

    How use ipsec client via fortigate NAT?

     

    sw2090
    SuperUser
    sw2090
    SuperUser
    January 28, 2021

    an IPSec always must have defined endings. So on the FGT it has to be tied to an Interface. 

    NAT for internet access on a FGT is done via policy so it will not affect IPSEC (unless you NAT the policy for the traffic over the IPSEC of course). 

    So the client will have the external ip of that interface of the FGT as remote gateway. You do not need NAT-T because your FGT Internetconnection has NAT, you need it if the client is behind a NAT.

     

    Terms & ConditionsAccessibility statement