IPSec and two NAT devices along path

tedew · ‎02-10-2025

Hello,

I have to connect over IPSEC two locations.

Achitecture is looks like below:

SiteA LAN - FGT1 - Router - ISP1 device------ Internet-------- ISP2 device - Router- FGT2 - SiteB LAN

Possible to create IPSec on Fortigtes (some NAT-T )?? If yes, could you please provide some tips how to set ??

Thanks

AEK · ‎02-10-2025

Hi Ted

In case the router performs NAT then NAT-T is required.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IPSec-VPN-NAT-traversal/ta-p/197873

Or just leave it "Enable" for auto.

AEK

tedew · ‎02-10-2025

Hello,

OK, thanks for info that is possible :)

So I will go further and what IP's should I use as remote gateway :)??

Zrzut ekranu 2025-02-10 231459.png

For example on FGT1:

Which IP I should use as RemoteGaetway in IPSEC configuration:) ??

Thanks

AEK · ‎02-11-2025

You put the public IP addresses, i.e.: on FGT1 you put 53.x.x.x and on FGT2 you put 78.x.x.x.

AEK

tedew · ‎02-11-2025

Hello AEK,

hmm, but this terminate me IPSEC on Router2 ??

I mean when on FGT1 I will put 53.x.x.x in IPSEC config - this is IP on Router2 connected to ISP. So something more on Router2 to do to bypass this trafic to FGT2 and then terminate IPSEC tunel (to have IPSEC between FGT1 and FGT2) ??

Thanks

IPSec and two NAT devices along path

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website