Skip to main content
rfg76
rfg76
New Member
June 26, 2015
Question

Site to Site VPN with Azure

  • June 26, 2015
  • 1 reply
  • 5349 views

Hi, I'm trying to setup a Site to Site VPN with Azure.

I've followed the steps in this recipe

The IPSec monitor shows as Connected. In the Azure portal shows some KB in DATA OUT, but 0 in DATA IN.

Cannot ping from a virtual machine in azure to my local  LAN (on-prem)

Neither can ping from the Fortigate console to any IP on the virtual side.

 

I have enable debug on the Fortigate and have this results, but no idea on what it means:

 

ike 0: comes [Azure_IP]:500->[FTGT_IP]:500,ifindex=3....
ike 0: IKEv2 exchange=INFORMATIONAL id=ff497ec703...../becdeaa....f52:000000a0 len=76
ike 0: in FF497EC703CE186BBECDEAAD144F7F522E202...D88AF14CEFA
ike 0:AzureVPN:74: dec FF497EC703CE186BBECDEAA...0A00000002000000004
ike 0:AzureVPN:74: received informational request
ike 0:AzureVPN:74: enc 0F0E0D0C0B0A0...0302010F
ike 0:AzureVPN:74: out FF497EC703CE186BBECDEAAD144F7F522E...D88D0BB58877DC2953CC2274C191
ike 0:AzureVPN:74: sent IKE msg (INFORMATIONAL_RESPONSE): [FTGT_IP]:500->[Azure_IP]:500, len=76, id=ff497ec70..../becde....f52:000000a0

 

Does anyone knows what else should I check?

 

 

1 reply

bmotamed
bmotamed
New Member
January 13, 2016

same issue with 80c with arm mode on azure ! have you found something?

thanks

rfg76
rfg76Author
New Member
January 13, 2016

I think the step missing in the recipe is create a static route.

I have mi FTG configure with the nexte route:

 

Destination = 10.1.0.0/255.255.0.0

Device = AzureVPN  <-- that's the name of the VPN tunnel

 

HTH

Terms & ConditionsAccessibility statement