ghani
New Contributor

DNS resolution over IPSec VPN Tunnel

 

I have an IPsec VPN tunnel between a FortiGate and a VPN gateway. The tunnel works fine and is pingable. The DNS is on the remote site. I can ping the IP addresses of the DNS server, but DNS resolution is not working over the IPsec tunnel. I have looked this problem up and found that I must perhaps define a domain in my IPsec phase1-parameters through the CLI. However, the set domain command is not available on my FortiGate CLI. I have tried to set mode-cfg but still no luck. Could you please let me know how I can set the domain in the phase parameters, or perhaps another possible solution to this DNS resolution problem?

mgoswami
Staff

Hi,

 

You can use this command for IPsec VPN:

# config vpn ipsec phase1-interface
(phase1-interface) edit <VPN TUNNEL NAME>
(VPN TUNNEL NAME) set domain abcd.local
(VPN TUNNEL NAME) end

Refer to this link:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-resolution-over-IPsec-SSL-VPN/ta-p/191...