Site-to-Site VPN with a peer over dynamically assigned name
Hi All,
There is an office that uses FortiGate as a router.
There is a site-to-site VPN tunnel between Azure and that office.
The office has a modem connected to the FortiGate router with a 4G connection, and when their primary connection is down, the router fails over to the modem.
Because the Site-to-Site VPN between resources in Azure and the on-prem network is vital for business apps, when the FortiGate fails over to the 4G modem there should also be a VPN tunnel over that modem.
When the FortiGate fails over to the 4G modem, it is assigned a non-routable IP address 1.XXX.XXX.XXX, and for this reason a DynDNS service is used to associate 1.XXX.XXX.XXX with a DNS name.
Below are the screenshots of the Azure-side and on-prem-side VPN configuration.








Both the Azure and FortiGate configurations for VPN over 4G were copied from the working VPN configuration over the primary WAN connection.
If someone has experience with Azure Site-to-Site VPN over 4G, please advise if something is wrong in my configuration (1st screenshot).
Thanks in advance.
