IPSec VPN with domains

rbross · ‎05-23-2018

I successfully have 2 remote sites with Fortigate 30E firewalls connected with each other using an IPSec tunnel. When I first set it up one of the sites had static IPs and the other used DHCP. So I had the site that used DHCP establish the tunnel, since it knew what the other end's IP was.

However, we moved the office that had static IP and in order to get greater bandwidth at a better price went with DHCP. So now both sides use DHCP. Both sites also dynamically update our DNS infrastructure if their IPs change, so their DNS domains are valid and will return valid IPs.

My question is: is there a way to configure the VPN tunnel on both sides to use domain names instead of IP addresses? As it stands, if there is an outage and the WAN interface gets assigned a different IP, someone will get alerted and will have to manually reconfigure the tunnels. We used to have Zywalls (the Fortigates are a huge improvement) and although their UI was terrible, they had a lot more granular control of IPSec settings and we were able to use domains instead of IPs.

rbross · ‎05-23-2018

I think I solved it myself, simply changing the remote ID to "Dynamic DNS". Duh! How did I miss that?

rwpatterson · ‎05-23-2018

LOL! Glad you figured it out.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

rbross · ‎05-23-2018

Thing is, I actually used to work for one of the dynamic DNS companies, so I spaced out assumed that was some sort of compatible client to update DNS. But I should have known since it was under VPN and not WAN interface.

rwpatterson · ‎05-23-2018

Old habits die hard...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

IPSec VPN with domains

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website