I have an IPsec VPN tunnel between a FortiGate and a VPN gateway. The tunnel works fine and is pingable. The DNS is on the remote site. I can ping the IP addresses of the DNS server, but DNS resolution is not working over the IPsec tunnel. I have looked this problem up and found that I must perhaps define a domain in my IPsec phase1 parameters through the CLI. However, the set domain command is not available on my FortiGate CLI. I have tried to set mode-cfg but still no luck. Could you please let me know how I can set the domain in the phase1 parameters, or perhaps another possible solution to this DNS resolution problem?
Hi,
You can use this command:
For IPsec VPN.
# config vpn ipsec phase1-interface
(phase1-interface) edit <VPN TUNNEL NAME>
(VPN TUNNEL NAME) set domain abcd.local
(VPN TUNNEL NAME) end
Refer to this link:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-DNS-resolution-over-IPsec-SSL-VPN/ta-p/191...
I have the same issue! mgoswami, you gave the same instruction the guy said he did not have an option for? Maybe read and be helpful before posting.
Hi,
At the bottom of the KB, it says that both unity-support and mode-cfg have to be enabled for IKEv1.
Have you done it (enabled) for both of them, and are you using IKEv1?
Note:
The set domain command will be available only when 'mode-cfg' and 'unity-support' are enabled. These commands are only available when using IKEv1.
Copyright 2024 Fortinet, Inc. All Rights Reserved.