Has anyone successfully set up an IPsec VPN with an Azure VPN gateway (route or policy based) using Fortios 5.4 connected to a child VDOM?
I have a FG-60E in a multiple VDOM configuration where the root VDOM is utilized for management only, and two additional VDOMs acting as security zones separating two network infrastructures. Both child VDOMs are configured as Route/NAT VDOMs. All internet traffic flows thru the wan1 interface in the root VDOM. I only have one external IP address available for use for internet connectivity.
I need to set up an Azure IPsec VPN with one of the child VDOMs. I have followed the instructions at http://cookbook.fortinet.com/ipsec-vpn-microsoft-azure-54 to set up a IPsec VPN in the root VDOM, with what modifications I believe are necessary to get the VPN traffic to/from the child VDOM. However the tunnel never connects.
I am pondering alternatives such as routing VPN traffic to/from the child VDOM thru a new transparent VDOM. But I will admit that at this point I am simply spitballing potential solutions.
Anyone have any viable solutions?
Regards,
Scott
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
From a practical standpoint, this issue is resolved. The problem turned out to be an incorrect gateway address on the Azure side. Once the correct azure gateway address was used to build the IPsec tunnel, the tunnel came online.
The only change/addition from the Fortinet cookbook article listed above was to create address objects and firewall rules (ahem, IPv4 Policy address objects and rules) on both the root VDom and the child VDom allowing the tunnel traffic inbound and outbound.
I still have an outstanding question on using the child VDom as the tunnel termination point rather than the root VDom. Is that a possibility?
Thanks,
Scott
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.