Hi,
I am not sure if this is a Fortinet or Windows issue, but I just want to know if anyone else has experienced the issue I am having.
I have VXLAN over IPsec working. I can stand up Windows 2019 servers at both ends of the tunnel, and at a basic level (ping, DNS etc.) all appears to be fine. However, what I am finding is that Kerberos traffic doesn't seem to cross the VXLAN.
I can't login to a Windows server until I either
1) Disable the networking on the Windows server - I can then log in with cached credentials and re-enable networking (however, this then presents issues accessing other network resources, as the server didn't complete any domain registration processes), OR
2) Stand-up an Active Directory Server on the same site as the server I want to have running at the second site - In this case all works well.
When I choose option 1, I can ping the remote Active Directory server and complete DNS queries against the remote site server, but I can't map Windows shares or perform any other task requiring authentication.
Packet captures and Wireshark traces don't show any issues.
If I choose option 2, there are no problems; everything works as expected. However, I don't really want to have to stand up a second Active Directory server.
Has anyone else experienced anything similar?
Thanks in advance.
Hi,
We had a similar issue over IPsec (without VXLAN). Is it possible that your Kerberos traffic is fragmented over your tunnel?
Please check that with the "Packet capture" function.
If yes, please try:
config vpn ipsec phase1-interface
    edit xxx
        set ip-fragmentation pre-encapsulation
end
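To make the fragmentation check in the reply above concrete, here is an added example (not Scan888's code and not a FortiGate feature) that works out how large an inner IP datagram can be before VXLAN-over-IPsec encapsulation pushes it past the underlay MTU, and then runs that limit over a capture summary to flag Kerberos (port 88) packets that would have to fragment. It goes a little beyond the reply by deriving the limit from the header sizes (VXLAN per RFC 7348, ESP per RFC 4303) rather than only eyeballing the capture. Assumptions: a 1500-byte underlay MTU, ESP tunnel mode with AES-GCM (8-byte IV, 16-byte ICV) or AES-CBC, no NAT-T unless stated, TCP headers without options, and capture lines in a tcpdump-like summary format that are constructed here for the demonstration.

```python
"""Check whether Kerberos packets fit inside a VXLAN-over-IPsec tunnel.

Added example for the forum thread; not FortiGate or Windows code. Header
sizes are protocol constants; MTU, cipher and the capture lines are assumed.
"""
import re

ETH_HDR, IPV4_HDR, UDP_HDR, TCP_HDR = 14, 20, 8, 20
VXLAN_HDR = 8                               # VXLAN header (RFC 7348)
ESP_HDR, ESP_TRAILER, ESP_ICV = 8, 2, 16    # SPI+seq, pad-len+next-hdr, 128-bit ICV

# One inner IP datagram inside VXLAN: outer IP + UDP + VXLAN + inner Ethernet.
VXLAN_OVERHEAD = IPV4_HDR + UDP_HDR + VXLAN_HDR + ETH_HDR   # 50 bytes


def esp_tunnel_total(plain_len, cipher="aes-gcm", nat_t=False):
    """Wire size when `plain_len` bytes are carried in an ESP tunnel-mode packet."""
    if cipher == "aes-gcm":
        iv, align = 8, 4      # GCM: 8-byte IV, pad only to 4-byte ESP alignment
    elif cipher == "aes-cbc":
        iv, align = 16, 16    # CBC: 16-byte IV, pad up to the cipher block size
    else:
        raise ValueError("unsupported cipher: %s" % cipher)
    pad = (-(plain_len + ESP_TRAILER)) % align
    return (IPV4_HDR + (UDP_HDR if nat_t else 0)      # new outer IP (+ UDP 4500 for NAT-T)
            + ESP_HDR + iv + plain_len + pad + ESP_TRAILER + ESP_ICV)


def max_inner_datagram(mtu=1500, cipher="aes-gcm", nat_t=False):
    """Largest inner IP datagram that crosses VXLAN-over-IPsec without fragmenting."""
    size = mtu
    while esp_tunnel_total(VXLAN_OVERHEAD + size, cipher, nat_t) > mtu:
        size -= 1
    return size


# tcpdump-style summary lines (constructed sample data, not a real capture).
SAMPLE_CAPTURE = [
    "IP 10.0.0.5.49152 > 10.0.1.10.88: UDP, length 320",                                   # AS-REQ
    "IP 10.0.1.10.88 > 10.0.0.5.49152: UDP, length 1460",                                  # large TGS-REP
    "IP 10.0.0.5.49153 > 10.0.1.10.88: Flags [P.], seq 1:1401, ack 1, win 2052, length 1400",
    "IP 10.0.0.5.53001 > 10.0.1.10.53: UDP, length 64",                                    # DNS, ignored
]

LINE_RE = re.compile(
    r"IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"(?P<proto>UDP|Flags \[[^\]]*\]).*?length (?P<len>\d+)"
)


def check_kerberos_capture(lines, mtu=1500, cipher="aes-gcm", nat_t=False):
    """Return (line, inner_datagram_len, fits) for every port-88 packet in the summary."""
    limit = max_inner_datagram(mtu, cipher, nat_t)
    results = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m or "88" not in (m["sport"], m["dport"]):
            continue
        transport = UDP_HDR if m["proto"] == "UDP" else TCP_HDR   # assumes no TCP options
        inner = IPV4_HDR + transport + int(m["len"])
        results.append((line, inner, inner <= limit))
    return results


if __name__ == "__main__":
    for cipher in ("aes-gcm", "aes-cbc"):
        print("max inner datagram (%s, MTU 1500): %d" % (cipher, max_inner_datagram(1500, cipher)))
    for line, inner, fits in check_kerberos_capture(SAMPLE_CAPTURE):
        print("%-4s %5d bytes  %s" % ("ok" if fits else "FRAG", inner, line))
```

With AES-GCM and no NAT-T the limit comes out at 1396 bytes, so the constructed 1460-byte UDP reply and the 1400-byte TCP segment (the size a host picks from a 1460 MSS) both exceed it, while the small request and the DNS query are unaffected. That is the pattern the reply is asking you to look for in the capture: small traffic such as ping and DNS crosses the tunnel, larger Kerberos replies do not.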
Hi Scan888,
I checked the fragmentation and then set the ip-fragmentation option, but unfortunately it didn't resolve the issue.
Thanks for the tip anyway.
Copyright 2024 Fortinet, Inc. All Rights Reserved.