Site-A FortiGate 60E UTM License Firewall is connected with Dynamic WAN IP Address with DynDNS is configured.
Site-B Cisco 2911 Security Bundles Router is connected behind the 4G Router with Private IP Address with Internet Access
1- IKEv2 with IPSec VPN is Required
2- FortiGate VPN should be configured to accept multiple incoming connections e.g. like HUB
3- Phase-1 and Phase-2 (e.g Encryption and Algorithm) should be specific
Example for Cisco:
crypto ikev2 proposal IKEV2-PROPOSAL
crypto ikev2 policy IKEV2-POLICY
crypto ipsec transform-set AES256-SHA512 esp-aes 256 esp-sha512-hmac
crypto ipsec profile IPSEC-PROFILE
set transform-set AES256-SHA512
set ikev2-profile IKEV2-PROFILE
set pfs group19
4- Meaningful Naming Convention
5- Extended ACLs and Address Group If required.