tdt398
New Contributor

Help with IPSec VPN Source IP

My company installed a new FortiGate 90D in one of our branch offices and I configured it to match our existing FortiGate in another office aside from their external facing IPs and DHCP ranges etc.

Connectivity seems to be fine between sites and from both of our sites and our MS Azure instance but the issue I am having is from the new FortiGate and our Azure LDAP server.

When using the packet sniffer and pinging from the new FortiGate to Azure LDAP, the source IP shown is the external IP of the router, which gets no ICMP reply. When I do this same test on the currently working FortiGate, the IP of the router is translated to the internal IP address, which is allowed.

I compared the configs and everything is the same, and I was not able to find anything on the working device that tells it to translate the IP on the IPSec VPN tunnel from the external IP to the internal one.

The only difference between the two devices is the firmware version: the working one is on 5.2.4 and the new one is using 6.0.13.

The VPN tunnel is up and active and I am able to ping from the new site to the old site, but not directly from the new 90D itself.

Do I just need to set the IP address of the new 90D's IPSec VPN interface? Currently the working one does not have an IP address set, so I'm not quite sure how it is being translated from the external IP to the internal one.

Any advice?

3 REPLIES
tdt398
New Contributor

Hey guys, anyone got any advice? I am pretty confused here, as I don't really know where the currently working 90D is translating the address from the external IP to the internal one. I don't see anything configured on the VPN tunnel interface itself or on the WAN1 interface.
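As an added illustration of the setting the original poster asks about (not part of this thread and not tested against the poster's units): on a FortiGate, traffic the firewall itself originates over an unnumbered IPsec tunnel interface is sourced from the address of the underlying WAN interface, so giving the tunnel interface its own address, or choosing a source address for the test ping, changes what the far end sees. Interface names and all addresses below are placeholders.

```fortios
# Added example, not from the thread. "to-azure" is a placeholder for the phase1 name;
# all addresses are placeholders and must be replaced with your own.

# 1) Address the tunnel interface so self-originated traffic over it is sourced
#    from this address instead of the WAN1 address.
config system interface
    edit "to-azure"
        set ip 10.255.0.1 255.255.255.255         # local tunnel-side address
        set remote-ip 10.255.0.2 255.255.255.255  # far-end tunnel-side address
    next
end

# 2) The phase2 selectors on both sides must cover the new source address,
#    otherwise the packets never match the tunnel and are dropped.

# 3) Alternative for testing only: pick the source address per ping session
#    without changing the interface.
execute ping-options source 192.168.10.1   # an internal address already allowed by Azure
execute ping 10.1.0.4                       # placeholder for the Azure LDAP server

# 4) Confirm which source address actually leaves, as the poster did with the sniffer.
diagnose sniffer packet any 'host 10.1.0.4 and icmp' 4
```

A static route to the remote subnet via the tunnel interface is still required for the ping to be routed into the tunnel at all.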

DaveCSuite

I wish I could help but I have a similar issue. Maybe your research could help here. 

I have an IPSec tunnel running with 1 host on each side. I'm trying to reach (ping as a test) the remote side, which has a FortiAuth RADIUS server, using my local FortiGate as a RADIUS client. The connection fails and the sniffer shows no traffic even going over the tunnel from the firewall.

Have any suggestions? Thanks

tdt398

Is the IPSec tunnel showing as up and live? Or is it not able to authenticate and come up?
