Hi,
I know this is a bit off topic as it's more a security topic, but the principle is the same - it's just a site-to-site IPsec tunnel.
Anyway, I've been given an impossible IPsec VPN task by my manager, who tells me I MUST find a solution for it. Here is the stupidly bad network design that's been proposed and accepted.
Click this link
http://gyazo.com/2f6245add93bfc8c5451f57e1e7ce509
You will see that on the FortiGate on the remote site they are using a private IP address on their WAN interface that connects to the supplier's box (who provides their internet). This is the problem and why I feel that a site-to-site VPN can't be created. The supplier's box will then be running NAT. The problem with this design is where do you set the destination endpoint IP from the FortiGate in the core to the FortiGate on the remote site? It can't land the IPsec tunnel on the public IP of the supplier's box, and it can't go to a private IP address. We have zero flexibility for static NAT configuration as the supplier won't configure it. So I feel this is an impossible task. If not, can someone tell me how it can be done please?