altafuom
New Contributor

Issue with IPSec VPN

Dear Support forum,

I hope this message finds you well. We have a FortiGate 60F device with a one-year free license in our office and are in need of remote access to our office network. Despite watching numerous YouTube videos, I have been unsuccessful in configuring the IPSec remote site access VPN without a public IP.
Could you please provide guidance and support in configuring the VPN without relying on a public IP address? Any step-by-step instructions or alternative methods such as NAT traversal techniques or Dynamic DNS would be greatly appreciated.

abarushka
Staff

Hello,

Could you please clarify whether you have access to the upstream device to configure port forwarding and whether the upstream device supports DDNS?

altafuom

I don't have knowledge of DDNS. Is there any option by which I can configure IPSec remote access VPN without a public IP?

Debbie_FTNT

Hey altafuom,

The issue is that the IPSec clients need to initiate the connection.

This means they need to be able to reach the FortiGate in question somehow via internet. If the FortiGate does not have a public IP, then I assume it is behind a router of some kind? You might have to set up port-forwarding or something like that on that router, so it knows to forward IPSec connection requests to the FortiGate.

In addition, if that internet-facing router changes public IPs, then you need DynDNS of some kind - that internet-facing router should be set up accordingly so it registers its own IP (and reports changes) to the DynDNS operator and the DNS name assigned to that internet-facing router always points to the correct IP.

That way, clients would connect to that hostname, resolve it via DNS and get your router's current public IP, the connection request hits the router, and the router should forward to FortiGate for further handling.

If the FortiGate itself is internet-facing (there's no router in between it and the internet) then you need to set up DynDNS on the FortiGate itself.

The clients need some way to reach the FortiGate via internet to successfully establish an IPSec VPN (or SSLVPN) tunnel.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
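
The decision described in the reply above (router in front of the FortiGate versus an internet-facing FortiGate, and where DynDNS has to run), written out as an added example that is not part of the original thread or any Fortinet tool. The function name, the sample addresses, the use of UDP 500 and UDP 4500 as the IPsec ports to forward, and the extra carrier-grade NAT case (100.64.0.0/10) are assumptions that go beyond what the thread states.

```python
import ipaddress

# Assumptions (not from the thread): IKE uses UDP 500 and NAT-T uses UDP 4500;
# 100.64.0.0/10 is carrier-grade NAT space (RFC 6598). All names are hypothetical.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def plan_reachability(wan_ip, observed_public_ip, ddns_resolved_ip=None):
    """Classify where the FortiGate sits and list what is still missing.

    wan_ip              address on the FortiGate WAN interface
    observed_public_ip  address the internet sees for the site
    ddns_resolved_ip    what the DDNS hostname resolves to now (None = no DDNS yet)
    """
    wan = ipaddress.ip_address(wan_ip)
    public = ipaddress.ip_address(observed_public_ip)
    actions = []
    if wan == public:
        placement, ddns_owner = "internet-facing", "the FortiGate"
    elif wan in CGNAT:
        # A forward on your own router never sees traffic the carrier's NAT drops.
        return "behind-carrier-nat", ["request a public IP from the ISP"]
    elif any(wan in net for net in RFC1918):
        placement, ddns_owner = "behind-router", "the internet-facing router"
        actions.append(f"forward UDP 500 and UDP 4500 on the router to {wan}")
    else:
        return "unknown", ["check for NAT between the FortiGate and the internet"]
    if ddns_resolved_ip is None:
        actions.append(f"set up DDNS on {ddns_owner} if the public IP changes")
    elif ipaddress.ip_address(ddns_resolved_ip) != public:
        actions.append(f"DDNS record is stale; fix the updater on {ddns_owner}")
    return placement, actions


if __name__ == "__main__":
    # Constructed sample inputs (documentation and private address ranges).
    for args in [("192.168.1.2", "203.0.113.10"),
                 ("203.0.113.10", "203.0.113.10", "198.51.100.7"),
                 ("100.72.0.5", "203.0.113.10")]:
        print(args, "->", plan_reachability(*args))
```
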