Terminating IPSEC VPN tunnel with remote networks that have public IPs and private IPs
Hello,
I am completely new to the Fortinet world and considering getting a Fortinet 60D or Fortinet 70D, on which I will be required to set up a few IPSEC site-to-site tunnels. I need some expert advice on whether the following is feasible and how to go about configuring it (preferably via the GUI; if you can point me to any documentation/video tutorial, that's even better).
Following are my scenarios for the required VPN setup (this is not a typical site-to-site setup involving private IPs). Please note the remote peer devices' make/model could vary every time, as we deal with new vendors at all times.
Scenario 1:
Remote Peer: Public IP
Remote Network: Public IPs/subnet
My Peer: Public IP
My Network: a few servers behind my Fortinet device that will have routable public IPs assigned to them
Requirement: Users on the remote network need to be able to access the resources running on my network over the tunnel (only on certain allowed port numbers, for example 80, 21 ...; all other ports to be blocked). My servers need to be able to communicate with the remote network on all port numbers.
Scenario 2:
Remote Peer: Public IP
Remote Network: Private IPs/subnet
My Peer: Public IP
My Network: a few servers behind my Fortinet device that will have routable public IPs assigned to them
Requirement: Same as Scenario 1 - Users on the remote network need to be able to access the resources running on my network over the tunnel (only on certain allowed port numbers, for example 80, 21 ...; all other ports to be blocked). My servers need to be able to communicate with the remote network on all port numbers.
As you can see, the only difference between Scenario 1 and 2 is the remote network's IP class (public vs private). Some vendors that we deal with prefer their end of the VPN tunnel to be terminated on a public subnet and some prefer that we do it on their private subnet. So, is that a challenge with Fortinet devices?
Thanks in advance. Please let me know.
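Scenario 1 as a route-based FortiOS CLI sketch, added here as an illustration; it is not from the original post or from Fortinet documentation. The addresses, the interface names wan1 and internal, the tunnel name vendorA and the PSK placeholder are all constructed assumptions; for Scenario 2 only the remote subnet changes to the vendor's private range.

```fortios
# Constructed example: 203.0.113.64/27 = my public servers, 198.51.100.0/24 = vendor network
config vpn ipsec phase1-interface
    edit "vendorA"
        set interface "wan1"
        set remote-gw 198.51.100.1
        set proposal aes256-sha256
        set psksecret "REPLACE-WITH-STRONG-PSK"
    next
end
config vpn ipsec phase2-interface
    edit "vendorA-p2"
        set phase1name "vendorA"
        set src-subnet 203.0.113.64 255.255.255.224
        set dst-subnet 198.51.100.0 255.255.255.0
    next
end
config firewall address
    edit "my-public-servers"
        set subnet 203.0.113.64 255.255.255.224
    next
    edit "vendorA-net"
        set subnet 198.51.100.0 255.255.255.0
    next
end
config router static
    edit 0
        set dst 198.51.100.0 255.255.255.0
        set device "vendorA"
    next
end
config firewall policy
    edit 0
        set srcintf "vendorA"
        set dstintf "internal"
        set srcaddr "vendorA-net"
        set dstaddr "my-public-servers"
        set action accept
        set schedule "always"
        set service "HTTP" "FTP"
    next
    edit 0
        set srcintf "internal"
        set dstintf "vendorA"
        set srcaddr "my-public-servers"
        set dstaddr "vendorA-net"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

The static route is what sends the vendor's public subnet into the tunnel instead of out the default route, which is the one step that differs from a private-only setup; the first policy limits inbound access to HTTP and FTP while the second allows all ports outbound, matching the stated requirement.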
