Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
Contributor

IPSec with 4G Router - no incomming data

Hi:

 

We have a problem with a customer who has a fibre line which is not working because of flooding in his town :(. We could provide him some basic internet connection with a 4G router (40MB up/down) and it works OK.

 

Problem is that another branch has to connecto via VPN to them to work with the ERP, so we need the VPN connection.

 

We configured the DMZ functionality in the 4G router and we have NAT to the FG. We are unable to connect from outside to the IP (whatismyip.com). Also with the FortiDDNS we cant connect from outside. We disables the firewall functionality from the 4G Router but again no chance to connect, so we dont know if the DMZ function works or if the IP is not correct (maybe the 4G provider routes the traffic and there is no chance to get a real IP to connect).

 

The VPN we tried first with agressive mode chaning both sides. The VPN goes UP but there is no incomming data on the Forti behind the 4G Router. We see outgoing traffic from the other Forti.

 

Than we tried main mode with the IP we got from the WAN on the FG but with the same result.

 

So basically we dont know if the problem is that this is not the real IP or if the DMZ of the 4G router is not working. 

 

Any ideas or suggestions?

 

Thanks!

 

3 REPLIES 3
ebilcari
Staff
Staff

Most probably the 4G router doesn't have a public IP and the traffic will end up double NATed. If the branch that has a stable connection has a public IP on the FGT you may try to build a dial up VPN from HQ to the branch. FGT on HQ being the dialup client.

https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/6896/fortigate-as-dialup-client

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
HocineBot
New Contributor

Hello,

We have the same probleme in our company. we have FW fortinet and a 4G network (IP not fix).

Is there a solution for setup a vpn ? we have time clocks to connect remotely and on the cloud ?

Thanks in advance.

ebilcari

If one of the sites (HQ) has a fixed public IP (or fixed IP in the private 4G network) than the other FWs can build a VPN even if they are behind NAT as long as they are able to reach it.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors