O_Lytvyn
New Contributor

Site-to-Site VPN to network behind two NAT routers

Hello everyone,

I have the following setup:

1) Main office with a FortiGate 40C as router/firewall (let's say the IP of the external interface is 8.8.8.8) and a LAN network behind it (192.168.24.0/24).

2) VPS server in the cloud. It stands behind 2 routers/firewalls: the first one is CentOS (let's say the IP of the external interface is 8.8.4.4), managed by the cloud provider; the second one is Endian Community, managed by our side. Both of them use NAT.

The cloud provider did port forwarding for us to access that server via RDP (it looks like this: 8.8.8.8:4555->>10.1.40.120:8888-->>>192.168.0.1:9999)

Hand-made picture in the attachment ;)

 

Question 1: Am I right that for Site-to-Site IPsec I need the following ports open, UDP 500 and 4500, along this whole sequence?

Question 2: What if the cloud provider has these ports reserved (UDP 500 and 4500)? Is there a possibility to point the FortiGate 40C to send packets with Phase 1 and Phase 2 data to custom ports?

Thank you.

 

PS. I'm familiar with creating IPsec tunnels, but have never had 2 NATs in between ;)

PS2. The cloud provider said that they have currently sold all Real/White IPs and can't give us any :(

1 Reply
O_Lytvyn
New Contributor

Problem resolved: the cloud ISP gave us a public IP address. After this, Site-to-Site IPsec between the Endian Firewall and the FortiGate was easily configured.
