Dear Support forum,
I hope this message finds you well. We have a FortiGate 60F device with a one-year free license in our office and are in need of remote access to our office network. Despite watching numerous YouTube videos, I have been unsuccessful in configuring the IPSec remote site access VPN without a public IP.
Could you please provide guidance and support in configuring the VPN without relying on a public IP address? Any step-by-step instructions or alternative methods such as NAT traversal techniques or Dynamic DNS would be greatly appreciated.
Hello,
Could you please clarify whether you have access to the upstream device to configure port forwarding and whether the upstream device supports DDNS?
I don't have knowledge of DDNS. Is there any option so that I can configure an IPSec remote access VPN without a public IP?
Hey altafuom,
the issue is that the IPSec clients need to initiate the connection.
This means they need to be able to reach the FortiGate in question somehow via internet. If the FortiGate does not have a public IP, then I assume it is behind a router of some kind? You might have to set up port-forwarding or something like that on that router, so it knows to forward IPSec connection requests to the FortiGate.
In addition, if that internet-facing router changes public IPs, then you need DynDNS of some kind - that internet-facing router should be set up accordingly so it registers its own IP (and reports changes) to the DynDNS operator and the DNS name assigned to that internet-facing router always points to the correct IP.
That way, clients would connect to that hostname, resolve it via DNS and get your router's current public IP, the connection request hits the router, and the router should forward to FortiGate for further handling.
If the FortiGate itself is internet-facing (there's no router in between it and the internet) then you need to set up DynDNS on the FortiGate itself.
The clients need some way to reach the FortiGate via internet to successfully establish an IPSec VPN (or SSLVPN) tunnel.
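The path described in the reply above (hostname, then the router's public IP, then a port-forward to the FortiGate) can be checked link by link. The following is an added example, not part of the original thread and not Fortinet code. It assumes the standard IPsec ports UDP 500 (IKE) and UDP 4500 (NAT traversal), which the thread does not name; the function name, the rule format and all addresses are hypothetical.

```python
import ipaddress

# Assumption: IKE uses UDP 500; IKE/ESP with NAT traversal uses UDP 4500.
IPSEC_UDP_PORTS = (500, 4500)
# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def check_vpn_path(resolved_ip, router_wan_ip, forwards, fortigate_lan_ip):
    """Return a list of problems on the client -> router -> FortiGate path.

    resolved_ip      -- what the DynDNS hostname currently resolves to
    router_wan_ip    -- address on the internet-facing router's WAN interface
    forwards         -- router port-forward rules as (proto, port, target_ip)
    fortigate_lan_ip -- FortiGate address on the router's LAN side
    """
    problems = []
    wan = ipaddress.ip_address(router_wan_ip)
    # If the router's own WAN address is private or CGNAT space, clients on
    # the internet cannot reach it, so port forwarding here cannot help.
    if any(wan in net for net in NON_PUBLIC):
        problems.append(f"router WAN {wan} is not publicly routable")
    # The DynDNS name must point at the router's current WAN address.
    if ipaddress.ip_address(resolved_ip) != wan:
        problems.append(f"DynDNS record {resolved_ip} is stale, router WAN is {wan}")
    # Both UDP ports must be forwarded to the FortiGate.
    target = ipaddress.ip_address(fortigate_lan_ip)
    for port in IPSEC_UDP_PORTS:
        hits = [ipaddress.ip_address(t) for proto, p, t in forwards
                if proto.lower() == "udp" and p == port]
        if not hits:
            problems.append(f"UDP {port} is not forwarded")
        elif target not in hits:
            problems.append(f"UDP {port} goes to {hits[0]}, not the FortiGate")
    return problems


# Constructed sample values (documentation and private address ranges).
FORTIGATE = "192.168.1.99"
FORWARDS = [("udp", 500, FORTIGATE), ("udp", 4500, FORTIGATE)]

if __name__ == "__main__":
    cases = {
        "healthy": ("203.0.113.10", "203.0.113.10", FORWARDS),
        "stale DynDNS": ("203.0.113.7", "203.0.113.10", FORWARDS),
        "CGNAT upstream": ("100.72.0.5", "100.72.0.5", FORWARDS),
        "no NAT-T forward": ("203.0.113.10", "203.0.113.10", FORWARDS[:1]),
    }
    for name, (dns, wan, fwd) in cases.items():
        print(f"{name}: {check_vpn_path(dns, wan, fwd, FORTIGATE) or 'ok'}")
```

The "CGNAT upstream" case is the one to rule out first when there is no public IP: if the router's WAN address is itself private or in 100.64.0.0/10, the ISP is doing the NAT and no forwarding rule on the router will make the FortiGate reachable.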