Hi Community,
I have two sites which are both natted and I would need to establish a IPSec Site-to-Site VPN connection. Both Sites are equipped with FGT60s. Currently I'm not able to establish the connection, I would guess that the CGN is the reason for this - as a tunnel to a non-natted Site is working without any problem from both sites.
Has someone a clue for me how to achieve the connection or is this even possible? Not sure as NAT is still a thematic for me which causes my head to hurt.
Thanks a lot!
To clarify: The VIP/port-forwarding would have to be configured on the device that currently holds your public IP. If that's not the FortiGate (it should not be the FortiGate in a CGNAT situation), then configuring VIP will not have any effect.
Hi @KVN001 ,
You can use Hub-and-spoke deployment.
However, 1 of the side must have public IP or accessible from outside.
Example:
HQ - Public IP. Can be access from outside.
Branch - Local IP(natted by ISP/router).
In this case, Branch will connect to the HQ public IP.
This concept same as SSLVPN. Branch will initiate the traffic. HQ will respond.
But if both side is local IP and not reachable to each other, it will not work.
Its not possible for any side to respond your traffic if its not reaching your device.
Hi!
thats not working in my case as both sites are behind NAT..
I will get in touch with my provider to check what additional costs will be made for an static ip address without natting.
Thanks to all for your feedback!!
BR
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.