IPsec Azure
The IPsec tunnel from our firewall (Fortigate 100F) to Azure basically works, but as soon as we set up NAT or activate NAT rules in Azure, the tunnel breaks down or the traffic does not work. My concern is that we are probably not passing through the NAT range correctly, but I cannot prove this.
Is your NAT address defined in phase2 selector on both ends?
Hi @AUT_Maverick,
Please check phase2 selectors as suggested by AEK. You can also collect ike debugs to see why it is not working. Please refer to this article: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Understanding-IPsec-iked-debug-logs/ta-p/2...
Regards,
Please review the following document to verify the Tunnel configuration
Your concern is quite understandable. Perhaps the problem is actually related to incorrect NAT range transfer configuration. It is recommended to check the correct NAT settings on both sides of the tunnel and ensure that the NAT range is correctly transmitted through the tunnel. It is also worth paying attention to possible conflicts in network settings and routing settings. If in doubt, you can contact Fortigate or Azure support for further assistance.
