Almost all firewalls support NAT-T, which allows for using a private IP address on the "outside" of the firewall (which is translated to a routable public IP address before it gets on the Internet). You will need UDP 500 (for IKE) and UDP 4500 (for IPsec NAT-T) open, so no devices between the firewalls can block those ports. I know the ASA supports this, because I have set up customers with "private" IP addresses on their ASAs in certain circumstances. I'm not familiar enough with the Fortinet equipment, but you may need to turn on a NAT-T feature.

HTH,
Fred Reimer

On 5/18/13 11:13 AM, "akurenath" <[email protected]> wrote:

>Hi nanog,
>
>I have a fortigate 60c connecting a vpn tunnel to an asa 5505. I have the
>connection set up, but it will not connect because unfortunately the isp
>at the fortigate end decided to give us a 192.168.13/24 address. Now what
>I'd like to know is if there is any way to get this vpn connection to
>work through a pat connection until the isp resolves this issue?
>
>Thank you for any help.
>
>Zane
>
>
>Sent from Samsung mobile

