ghani
New Member
September 10, 2021
Question

DNS resolution over IPSec VPN Tunnel

  • September 10, 2021
  • 3 replies
  • 4875 views


I have an IPsec VPN tunnel between a FortiGate and a VPN gateway. The tunnel works fine and is pingable. The DNS is on the remote site. I can ping the IP addresses of the DNS server, but DNS resolution is not working over the IPsec tunnel. I have looked this problem up and found that I must perhaps define a domain in my IPsec phase1 parameters through the CLI. However, the set domain command is not available on my FortiGate CLI. I have tried to set mode-cfg but still no luck. Could you please let me know how I can set domain in the phase1 parameters, or perhaps another possible solution to this DNS resolution problem?

3 replies

mgoswami
Staff
October 6, 2022

Hi,


You can use this command:
For IPsec VPN.

# config vpn ipsec phase1-interface
(phase1-interface) # edit <VPN TUNNEL NAME>
(<VPN TUNNEL NAME>) # set domain abcd.local
(<VPN TUNNEL NAME>) # next
(phase1-interface) # end

Refer to this link:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-resolution-over-IPsec-SSL-VPN/ta-p/191850
bogdan1
New Member
April 4, 2024

I have the same issue! mgoswami, you gave the same instruction the guy said he did not have an option for? Maybe read and be helpful before posting.

funkylicious
SuperUser
April 4, 2024

Hi,

At the bottom of the KB, it says that both unity-support and mode-cfg have to be enabled for IKEv1.

Have you done it (enabled) for both of them and are you using IKEv1 ?


Note:
The set domain command will be available only when 'mode-cfg' and 'unity-support' are enabled. These commands are only available when using IKEv1.

"jack of all trades, master of none"
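Putting the two replies together, here is the full phase1-interface sequence with the prerequisites from the note above, followed by the checks to confirm the change took and did not break the tunnel. This is an added example, not a post from this thread or text from the Fortinet KB. The tunnel name "to-remote-site" is a placeholder, the domain abcd.local is reused from mgoswami's reply, and the lines starting with # are explanatory comments rather than commands to type.

```fortios
# 1. Prerequisites: set domain only appears once ike-version is 1 and
#    both mode-cfg and unity-support are enabled on the phase1.
config vpn ipsec phase1-interface
    edit "to-remote-site"
        set ike-version 1
        set mode-cfg enable
        set unity-support enable
        # 2. Now the domain option is exposed; tell the peer the DNS suffix.
        set domain "abcd.local"
    next
end

# 3. Verify the settings were accepted (domain should now be listed).
show vpn ipsec phase1-interface to-remote-site

# 4. Enabling mode-cfg on an existing tunnel changes the IKEv1 exchange,
#    so confirm phase1 and phase2 still come up afterwards.
diagnose vpn ike gateway list name to-remote-site
get vpn ipsec tunnel summary

# 5. Confirm DNS queries are actually leaving via the tunnel interface
#    (captures up to 10 UDP/TCP port 53 packets with interface names shown).
diagnose sniffer packet to-remote-site 'port 53' 4 10
```

If step 3 still does not show the domain option, the tunnel is almost certainly running IKEv2, which is the case the note rules out; if step 5 shows no port 53 traffic at all, the problem is routing or policy rather than the domain setting, since the queries never reach the tunnel.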