Hi all,

I have very limited exposure and experience configuring firewalls and I'm completely new to using FortiGate products. However, part of my new job requires working with and understanding FortiGate firewalls, setting up VPNs etc... so please excuse my ignorance!

I have a basic IPsec VPN question. I need to configure a site-to-site IPsec VPN tunnel between two sites.

Site 1: Main company HQ site is using a FortiGate 200E. The FortiGate has a public IP on its WAN interface which is directly facing the internet.

Site 2: Branch site will be using a FortiGate 30E. This site is a remote area which uses an internet connection from the modem router network that we have no control of. The branch FortiGate WAN interface will be directly connected to a spare LAN interface on the modem NAT router (a Huawei B315s wireless modem router).

The purpose of the IPsec VPN is to allow staff at the branch site to be able to access a Windows server on the HQ's LAN network.

Is it possible to set up the IPsec tunnel even though the branch FortiGate sits behind a NAT router? I have looked through the FortiGate support documentation, but could not figure out how to do it. I'm sure it is straightforward, as I'm guessing this scenario is not that uncommon. The closest I have come is this video, but it mentions dialup, and I'm not sure it is related to what I want: http://video.fortinet.com/video/102/site-to-site-ipsec-vpn-behind-firewall-nat-device

I would appreciate any advice.

Many thanks,

The answer is yes, you need to use a feature in the IPsec conf called NAT-T.
A good document about it:
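
How NAT-T notices the modem router in front of the branch FortiGate, shown as an added example that is not part of the original posts and is not Fortinet code. It assumes the IKEv2 form of NAT detection (RFC 7296: SHA-1 over SPIi, SPIr, IP and port); all addresses, ports and SPIs are constructed sample values.

```python
import hashlib
import ipaddress
import struct


def nat_detection_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """Data of a NAT_DETECTION_*_IP notify: SHA-1(SPIi | SPIr | IP | port)."""
    if len(spi_i) != 8 or len(spi_r) != 8:
        raise ValueError("IKE SPIs are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()


def detect_nat(spi_i, spi_r, claimed_src, claimed_dst, observed_src, observed_dst):
    """Receiver-side check. 'claimed' is what the sender hashed before the
    packet left its interface; 'observed' is what the receiver reads from the
    IP/UDP header. Every endpoint is an (ip, port) tuple."""
    peer_behind_nat = (nat_detection_hash(spi_i, spi_r, *claimed_src)
                       != nat_detection_hash(spi_i, spi_r, *observed_src))
    local_behind_nat = (nat_detection_hash(spi_i, spi_r, *claimed_dst)
                        != nat_detection_hash(spi_i, spi_r, *observed_dst))
    return {
        "peer_behind_nat": peer_behind_nat,
        "local_behind_nat": local_behind_nat,
        # Either mismatch moves IKE and ESP into UDP port 4500 encapsulation.
        "use_udp_4500": peer_behind_nat or local_behind_nat,
    }


# Constructed values for the scenario in the question.
SPI_I = bytes.fromhex("1122334455667788")
SPI_R = bytes(8)                         # responder SPI is zero in the first request
BRANCH_WAN = ("192.168.8.2", 500)        # branch FortiGate, private side of the modem
MODEM_PUBLIC = ("198.51.100.20", 61234)  # source after the modem's NAT rewrite
HQ_WAN = ("203.0.113.10", 500)           # HQ FortiGate, public address


def hq_view_with_modem_nat():
    """What HQ concludes when the branch request arrives through the modem."""
    return detect_nat(SPI_I, SPI_R, BRANCH_WAN, HQ_WAN, MODEM_PUBLIC, HQ_WAN)


def hq_view_without_nat():
    """Same request if the branch had its own public address (no rewrite)."""
    return detect_nat(SPI_I, SPI_R, MODEM_PUBLIC, HQ_WAN, MODEM_PUBLIC, HQ_WAN)


if __name__ == "__main__":
    print(hq_view_with_modem_nat())
    print(hq_view_without_nat())
```

Because the tunnel ends up on UDP 4500 after detection, the path between the sites has to pass UDP 500 and UDP 4500 for this to work.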