Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AUT_Maverick
New Contributor III

IPsec Azure

IPsec tunnel from our firewall (Fortigate 100F) to Azure basically works, as soon as we set up NAT or activate NAT rules in Azure, the tunnel breaks down or the traffic does not work. My concern is that we are probably not passing through the NAT range correctly, but I cannot prove this.

 

HUVA
HUVA
4 REPLIES 4
AEK
SuperUser
SuperUser

Is your NAT address defined in phase2 selector on both ends?

AEK
AEK
hbac
Staff
Staff

Hi @AUT_Maverick,

 

Please check phase2 selectors as suggested by AEK. You can also collect ike debugs to see why it is not working. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-IPsec-iked-debug-logs/ta-p/2...

 

Regards, 

Shashwati
Staff
Staff

Please review the following document to verify the Tunnel configuration 

https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/281360/ipsec-vpn-to-an-azure-with-virtu...

CatInHat
New Contributor III

Your concern is quite understandable. Perhaps the problem is actually related to incorrect NAT range transfer configuration. It is recommended to check the correct NAT settings on both sides of the tunnel and ensure that the NAT range is correctly transmitted through the tunnel. It is also worth paying attention to possible conflicts in network settings and routing settings. If in doubt, you can contact Fortigate or Azure support for further assistance.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors