m_rafeeq
New Contributor

Site to Site VPN configuration behind NAT

Hi all,

I have very limited exposure and experience configuring firewalls and I'm completely new to using Fortigate products. However, part of my new job requires working with and understanding Fortigate firewalls, setting up VPNs, etc., so please excuse my ignorance!

I have a basic IPsec VPN question. I need to configure a site-to-site IPsec VPN tunnel between two sites.

Site 1: The main company HQ site is using a Fortigate 200E. The Fortigate has a public IP on its WAN interface, which is directly facing the internet.

Site 2: The branch site will be using a Fortigate 30E. This site is in a remote area which uses an internet connection from a modem router network that we have no control of. The branch Fortigate WAN interface will be directly connected to a spare LAN interface on the modem NAT router (a Huawei B315s wireless modem router).

The purpose of the IPsec VPN is to allow staff at the branch site to access a Windows server on the HQ's LAN network.

Is it possible to set up the IPsec tunnel even though the branch Fortigate sits behind a NAT router? I have looked through the Fortigate support documentation, but could not figure out how to do it. I'm sure it is straightforward, as I'm guessing this scenario is not that uncommon. The closest I have come is this video, but it mentions dialup, and I'm not sure it is related to what I want: http://video.fortinet.com/video/102/site-to-site-ipsec-vpn-behind-firewall-nat-device

I would appreciate any advice.

Many thanks,

Ricardo_Tomas
New Contributor III

The answer is yes; you need to use a feature in the IPsec conf called NAT-T.

 

A good document about it:

https://community.cisco.c...ith-ipsec/ta-p/3119442
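An added example, not part of the posts above and not taken from Fortinet documentation: a FortiOS CLI sketch of the phase 1 settings on both units with NAT traversal enabled. The tunnel names, interface names (`wan1`, `wan`), the HQ address 203.0.113.10 (a documentation-range placeholder), the IKEv2 proposal, and the choice of a dial-up (`type dynamic`) gateway at HQ because the branch's public address is not under the company's control are all assumptions; the `#` lines are annotations, and the pre-shared key is a placeholder.

```text
# --- HQ FortiGate 200E (public IP on WAN, acts as responder) ---
config vpn ipsec phase1-interface
    edit "branch-dialup"
        # Assumption: accept the branch from whatever public address
        # the modem router presents, so the gateway is dial-up.
        set type dynamic
        set interface "wan1"
        set ike-version 2
        set proposal aes256-sha256
        set dhgrp 14
        # NAT-T: after NAT is detected, IKE and ESP move to UDP/4500.
        set nattraversal enable
        set dpd on-idle
        set psksecret <long-random-pre-shared-key>
    next
end

# --- Branch FortiGate 30E (private IP on WAN, behind the modem router) ---
config vpn ipsec phase1-interface
    edit "to-hq"
        set interface "wan"
        set ike-version 2
        # Placeholder for the HQ FortiGate's public WAN address.
        set remote-gw 203.0.113.10
        set proposal aes256-sha256
        set dhgrp 14
        set nattraversal enable
        # Keepalive interval in seconds; keeps the modem router's
        # NAT mapping for UDP/4500 from expiring while the tunnel is idle.
        set keepalive 10
        set dpd on-idle
        set psksecret <long-random-pre-shared-key>
    next
end
```

The branch side must initiate the tunnel, and the modem router has to allow outbound UDP 500 and UDP 4500; phase 2 selectors, routes and firewall policies are still required on both units and are not shown here.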
