Fortigate to Azure VPN — connected but can't reach anything

  • Question

  • I have set up an IPSec VPN between a Fortigate and Azure, according to the following instructions:

    https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-56/

    The VPN connected the first time, but I cannot see the virtual server from the local network, or anything on the local network from the server.

    My configuration is as follows:

    • Local network: 10.1.0.1/21
    • Azure v-net: 10.1.100.0/23
    • Azure subnet: 10.1.100.0/25
    • Azure gateway subnet: 10.1.101.0/24

    I have tried pinging or RDP'ing to my server (10.1.100.10) from my computer (on the LAN), or pinging my computer from the server. Nothing results (firewalls down, or pinging from other locations).

    I already created the static route and the policies in the Fortigate.

    Although not on the instructions, I tried creating a routing table in Azure with the local network subnet going through the Virtual Network.

    Any ideas on what I should try next?

    Thanks!! -- Luis

    Sunday, March 24, 2019 4:32 AM

All replies

  • Hi Luis,

    If the tunnel is up on both ends and the traffic is not flowing, then we need to check the addresses that we specified on both ends.

    With the information provided we cannot predict what exactly went wrong. I would suggest looking into the logs on Fortinet and checking if you are seeing any errors/warnings while sending traffic. Also check if your packets are sent by your firewall.

    If there is no issue with the IKE/IPSEC packets, then it must be a routing issue. Also, in your Fortinet make sure your peer address is the entire range of IP addresses that you defined in Azure instead of defining the subnets.

    Regards, 

    Msrini

    Sunday, March 24, 2019 2:21 PM
    Moderator
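
The address checks suggested in the reply above, written out as an added example that is not part of the original thread: it compares the ranges configured on each end, including whether the FortiGate's remote address is the entire Azure range rather than one subnet. The function name, its parameters, and the two tunnel-side values in `PLAN` are assumptions; the thread does not say what was actually entered on either device.

```python
import ipaddress


def check_vpn_addressing(local, vnet, subnets, fortigate_remote, azure_onprem):
    """Compare the address plan configured on each end of a site-to-site VPN.

    local            -- on-premises network as written by the administrator
    vnet             -- Azure virtual network address space
    subnets          -- {name: CIDR} of subnets inside the virtual network
    fortigate_remote -- remote address the FortiGate uses for the tunnel
    azure_onprem     -- on-premises range as entered on the Azure side
    Returns a list of human-readable findings (empty when consistent).
    """
    findings = []
    # strict=False accepts a host address with a prefix, e.g. 10.1.0.1/21
    net = lambda cidr: ipaddress.ip_network(cidr, strict=False)

    if str(net(local)) != local:
        findings.append(f"{local} has host bits set; the network is {net(local)}")
    if net(local).overlaps(net(vnet)):
        findings.append(f"local {net(local)} overlaps VNet {net(vnet)}")
    for name, cidr in subnets.items():
        if not net(cidr).subnet_of(net(vnet)):
            findings.append(f"{name} {cidr} is outside VNet {net(vnet)}")
    if net(fortigate_remote) != net(vnet):
        findings.append(
            f"FortiGate remote {fortigate_remote} is not the entire VNet range {net(vnet)}")
    if net(azure_onprem) != net(local):
        findings.append(
            f"Azure side has {azure_onprem} for on-premises, FortiGate side has {net(local)}")
    return findings


# Ranges from the question; the two tunnel-side values are constructed for illustration.
PLAN = dict(
    local="10.1.0.1/21",
    vnet="10.1.100.0/23",
    subnets={"subnet": "10.1.100.0/25", "gateway subnet": "10.1.101.0/24"},
    fortigate_remote="10.1.100.0/25",   # constructed: a single subnet, not the VNet
    azure_onprem="10.1.0.0/21",         # constructed
)

if __name__ == "__main__":
    for finding in check_vpn_addressing(**PLAN):
        print("WARN:", finding)
```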