walvarez
New Member
October 19, 2020
Question

Routing traffic VPN user to - site to site IPSec VPN - Azure Network

  • October 19, 2020
  • 2 replies
  • 4410 views

Hello guys, I have configured an IPsec VPN between my Fortinet and Azure, and everything works OK; the traffic passes without problem. Additionally, I have configured an IPsec VPN with a FortiClient user towards my Fortinet, and it connects well to my internal Fortinet LAN network. Now I want to make my user's traffic reach Azure. How can I do this? Can you give me the configuration guide (how-to / setup)?

  ipsec vpn user  -----          Fortigate 100e  ----------  Azure Network
  192.168.30.0/24              192.168.100.0/24                10.0.1.0/24
           <---traffic ok----->                         <---traffic ok----->

  30.0 |<----------------------traffic failed------------------------->|1.0

Thanks for your reply


    boneyard
    Valued Contributor
    October 19, 2020

    i doubt there will be a guide or such specific enough for this.

    some things to consider

    - do you do full tunnel or split on the SSLVPN?
    - are there firewall rules allowing SSLVPN traffic to the Azure VPN?
    - does Azure VPN know the route back to .30.?

    walvarez (Author)
    New Member
    November 26, 2020

    Hi Boneyard, thanks for your reply.

    - do you do full tunnel or split on the SSLVPN? It is not an SSL tunnel, it is an IPsec tunnel created by the VPN wizard.
    - are there firewall rules allowing SSLVPN traffic to the Azure VPN? Yes, there are rules allowing traffic to the Azure VPN.
    - does Azure VPN know the route back to .30.? Yes, on Azure the 30.0 network is created too.

    Traffic is still not flowing between 30.0 and 1.0.

    Attached image of rules in the FortiGate. Thanks for your help.

    isamt
    New Member
    November 26, 2020

    Using 192.168. addressing is probably not a good idea here as most vpn users will also be using this range at home.


    What you have is logically correct.

    Just a case of checking that the vpn user traffic for the Azure subnet actually is reaching the Fortigate.

    Then also checking that you see traffic from Azure coming back to the Fortigate for the vpn subnet.


    You can then easily see where the problem is: either Azure has no route back for the VPN subnet, or the VPN client is sending the traffic for Azure to its local network, or the FortiGate is dropping the traffic.
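
As an added example, not posted by anyone in this thread, the FortiOS configuration that covers boneyard's three checks (split tunnel, policy, return route) together with the two capture points isamt describes. The dial-up tunnel is assumed to be the wizard's mode-cfg type named "Dialup-IPsec", the site-to-site tunnel is assumed to be named "Azure", and the address objects and the hosts 192.168.30.10 / 10.0.1.4 are constructed for the example.

```text
# FortiOS CLI. Assumed names: dial-up phase1 "Dialup-IPsec" (mode-cfg), Azure phase1 "Azure".
config firewall address
    edit "Azure-10.0.1.0"
        set subnet 10.0.1.0 255.255.255.0
    next
    edit "Dialup-192.168.30.0"
        set subnet 192.168.30.0 255.255.255.0
    next
end
# (a) split tunnel: FortiClient must send 10.0.1.0/24 into the dial-up tunnel,
#     not to the user's home LAN (put the 192.168.100.0/24 LAN object in this group too)
config firewall addrgrp
    edit "Dialup-Split-Include"
        set member "Azure-10.0.1.0"
    next
end
config vpn ipsec phase1-interface
    edit "Dialup-IPsec"
        set ipv4-split-include "Dialup-Split-Include"
    next
end
# (b) Azure tunnel selectors: if the wizard narrowed phase2 to 192.168.100.0/24 only,
#     30.0 traffic never matches the SA; add a selector for it (0.0.0.0/0 pairs also work)
config vpn ipsec phase2-interface
    edit "Azure-p2-dialup"
        set phase1name "Azure"
        set src-subnet 192.168.30.0 255.255.255.0
        set dst-subnet 10.0.1.0 255.255.255.0
    next
end
# (c) policy from the dial-up tunnel interface to the Azure tunnel interface
config firewall policy
    edit 0
        set srcintf "Dialup-IPsec"
        set dstintf "Azure"
        set srcaddr "Dialup-192.168.30.0"
        set dstaddr "Azure-10.0.1.0"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
# (d) Azure return route = local network gateway address space (Azure CLI, run from a workstation):
#     az network local-gateway update -g <rg> -n <lng> --local-address-prefixes 192.168.100.0/24 192.168.30.0/24
# (e) locate the drop for a constructed client 192.168.30.10 -> Azure VM 10.0.1.4
diagnose sniffer packet any 'host 192.168.30.10 and host 10.0.1.4' 4 20 l
diagnose debug flow filter saddr 192.168.30.10
diagnose debug flow filter daddr 10.0.1.4
diagnose debug flow trace start 20
diagnose debug enable
```

Packets that arrive on the dial-up interface but never leave on the Azure interface point at the selectors or the policy; packets that leave on Azure with no reply point at the Azure-side route. Run `diagnose debug disable` and `diagnose debug flow filter clear` when done.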