VPN Console supports NAT device with a public IP feature
A public-ip field has been added to the Advanced Options menu when defining a Managed Gateway in VPN console. Use this field to define a public IP address to which the IPsec VPN tunnel needs to be established, when the FortiGate is behind a device performing NAT.
This field can also be used in the following situations:
• A VPN node has the Local Gateway field configured, in order to establish the IPsec tunnel to a configured secondary IP, on a FortiGate's default VPN interface. Set the public-ip field with the same value as the local gateway, so that the remote VPN peers establish the IPsec tunnel to that secondary IP, instead of the default VPN interface IP.
• The FortiGate's default VPN interface is configured to use a dynamically assigned IP via DHCP or PPPoE, and once attributed, this IP address remains static. VPN Console will normally fail during the install process, stating that the FortiGates's VPN interface does not have an IP or is configured with an IP value of 0. The solution is to configure the dynamically assigned IP value in the public-ip field for that FortiGate device.
See
“VPN Console” for more information.