Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Site 2 Site VPN trough FortiGate to Bintec Router

Sorry folks for this questioning here, but i am very new to this kind of problem and configuring a FortiGate Firewall (new boss).

My task is to realize a Site 2 Site IPsec VPN connection like this:


  • Initiatied by THird Party,
  • Our Side:[ol]
  • Router ->
  • Transfernet ->
  • FortiGate ->
  • Transfernet ->
  • Bintec R1202[/ol][/ol]

    The VPN connection should be established between ThirdParty initiator and Bintec R1202.


    Bintec is in TRUSTED segment. Both now connected by HP Aruba switch in TRUSTED segment.


    The Problem is that in old network configuration, Bintec R1202 was directly behind FritzBox Router, static routeing on FritzBox


    Does anybody have any idea or helping hand solving this problem? I really would be lucky to solve this.


  • 1 REPLY 1
    Esteemed Contributor III

    AFAI can see your problem is that the external cannot see the private IP of the Bintec router.

    If you can obtain a public IP address which is not part of the 'router's WAN addresses you could route that through. If not, the router needs to terminate the VPN.

    The FGT doesn't have a role to play with this.


    One workaround would be to let the Bintec open the tunnel (farside: 'dial-in' VPN). This way, it would use your WAN IP through NAT but all inside routers would know how to handle the traffic.


    Sigh, or just get rid of the Bintec, I've dealt with them yourself a favor. And let the gateway router (either the router or the FGT) terminate VPNs.


    "Kernel panic: Aiee, killing interrupt handler!"
    Ede"Kernel panic: Aiee, killing interrupt handler!"
    Top Kudoed Authors