0

I have set up an IPSec VPN between a Fortigate and Azure, according to the following instructions:

https://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-56/

The VPN connected the first time, but I cannot see the virtual server from the local network, or anything on the local network from the server.

My configuragion is as follows:

  • Local network: 10.1.0.1/21
  • Azure v-net: 10.1.100.0/23
  • Azure subnet: 10.1.100.0/25
  • Azure gateway subnet: 10.1.101.0/24

I have tried pinging or RDP'ing to my server (10.1.100.10) from my computer (on the LAN), or pinging my computer from the server. Nothing results (firewalls down, or pinging from other locations).

I already created the static route and the policies in the Fortigate.

Although not on the instructions, I tried creating a routing table in Azure with the local network subnet going through the Virtual Network.

Any ideas on what I should try next?

Thanks!! -- Luis

Luis Alonso Ramos
  • 43
  • 1
  • 3
  • 8
  • Check your routers and route table entries on both sides. – Todd Wilcox Mar 24 '19 at 07:19
  • I got it to work. My Fortigate was connected to an ISP that did not give me a public IP (the modem is behind several NATs), so I had no way of opening the Fortigate WAN to be seen from the outside. In other Fortigate-to-Fortigate installation this was no issue (as long as the other Fortigate was visible, the invisible one would create the tunnel). I moved the Fortigate to a different ISP, set the modem to DMZ and voilà, it just worked. Apparently the VPN will connect, but if Azure does not see the Fortigate from the outside, it won't route anything. I even deleted the static routes. – Luis Alonso Ramos Mar 25 '19 at 15:31

1 Answers1

0

The following link takes up a bunch of pointers on what could be wrong. https://techcommunity.microsoft.com/t5/Azure/Creating-a-VPN-do-I-need-to-add-a-route-to-reach-my-local-peer/td-p/146619

In a troubleshooting scenario I would look at your azure servers network card and then effective routes . There you should have your on-premise subnet with a gateway of your azure VPN gateway Effective routes

Jarnstrom
  • 705
  • 4
  • 9