Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Igneus
New Contributor

communicate two branches that are behind a cgnat

Hello, I have 2 branches that have 3 links each (this due to the instability of the ISPs). In both branches I have the same 3 ISPs. 2 of these ISPs do not offer a public IP, but rather an IP from their LAN (CGNAT), I want to connect these branches via VPN through these ISPs, I talked to the carriers and there is no way they forward a port to my branches. I read in a similar question that this can be solved using a hub-to-spoke VPN, placing the hub in some cloud or site with a fixed IP and making my 2 branches spokes. is there a tutorial on how to do this? 
the services i want to comunicate are: 
voice, BD´s, and web internal serversVPN 3 isp CGNAT.png

give it a shot
give it a shot
2 REPLIES 2
hbac
Staff
Staff

Hi @Igneus,

 

Hub and spoke is referred as ADVPN. You can refer to https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/820072/advpn-with-bgp-as-the...

 

There should be a way to do port forwarding on the ISP side to forward traffic to FortiGate IP address. Even a home based ISP modem is able to do that. 

 

Regards, 

Igneus
New Contributor

Hi @hbac 

Thanks for the answer, the problem with the ISP is that the nat is on my modem and in the router of my carrier something like forti WAN GW is: 192.168.100.1 the modem of my isp GW is 169.100.201.x dinamically assigned. and if i ussed whats my public ip theres another ip. CGNAT

give it a shot
give it a shot
Labels
Top Kudoed Authors