Support Forum
Need2Know
Site to Site VPN Fortigate 40F to Azure

Device: FortiGate 40F

Firmware: v7.0.12 build0523 (Mature)

I am following this article to configure the site-to-site VPN:

https://newhelptech.wordpress.com/2022/01/01/step-by-step-how-to-configure-site-to-site-vpn-microsof...

[Attachments: 2023-08-07_12-25-00.jpg, Logs.jpg]

I am not sure how to set up the parameters for the phase 1 and phase 2 tunnel, and how do I configure the phase 2 tunnel, since I can't find any options in the firewall console.

20 Replies
Need2Know

Tunnel has been established after setting up phase 1 and phase 2 encryption, but there is no communication between the subnets. I would highly appreciate your support to help me investigate the issue.

[Attachment: No communication.jpg]

pgautam

Hi @Need2Know

I am glad to know that the tunnel is configured successfully.

Please check if you have the route configured correctly.
Make sure, if you are using SD-WAN or a policy route, that all the traffic is sent via the ISP interface.

To check the traffic, please collect the debug logs below and confirm that the traffic is leaving the firewall.

Putty1:

diag debug reset
diagnose debug console timestamp enable
diag debug flow show function-name enable
diag debug flow filter addr x.x.x.x    <<< replace x.x.x.x with the source machine IP address
diag debug flow trace start 10000
diag debug enable

Putty2:

diag sniffer packet any 'host x.x.x.x' 6 0 a


Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution
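Reading a flow trace by hand gets tedious once the capture runs to a few hundred lines. The following Python script is an added example (not from this thread and not Fortinet's own tooling): it groups `diagnose debug flow` lines by trace_id and reports, per packet, whether the route lookup chose the tunnel interface, whether a firewall policy allowed the flow, and whether the IPsec stack encapsulated it or dropped it for lack of a matching phase 2 selector. The sample capture is constructed to mimic the FortiOS message format, and the phase1 interface name `Azure-VPN` is an assumption. It goes a little beyond the reply above by also covering the policy and phase 2 selector stages, which are the next two places a packet can die after routing is fixed.

```python
import re
from collections import defaultdict

# Constructed sample of a `diagnose debug flow` capture (invented for this
# example, not the thread's real logs). The message text follows the FortiOS
# debug-flow format; "Azure-VPN" as the phase1 interface name is an assumption.
SAMPLE_FLOW = """\
id=20085 trace_id=1 func=print_pkt_detail line=5892 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:1->10.0.1.4:2048) tun_id=0.0.0.0 from internal. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=6072 msg="allocate a new session-00003a1f, tun_id=0.0.0.0"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-94.203.142.1 via ppp2"
id=20085 trace_id=1 func=fw_forward_handler line=855 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5892 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:1->10.0.1.4:2048) tun_id=0.0.0.0 from internal. type=8, code=0, id=1, seq=2."
id=20085 trace_id=2 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-10.0.1.4 via Azure-VPN"
id=20085 trace_id=2 func=fw_forward_handler line=855 msg="Allowed by Policy-3:"
id=20085 trace_id=2 func=ipsecdev_hard_start_xmit line=727 msg="enter IPSec interface-Azure-VPN, tun_id=20.203.52.164"
id=20085 trace_id=2 func=ipsec_common_output4 line=875 msg="No matching IPsec selector, drop"
id=20085 trace_id=3 func=print_pkt_detail line=5892 msg="vd-root:0 received a packet(proto=1, 192.168.1.10:1->10.0.1.4:2048) tun_id=0.0.0.0 from internal. type=8, code=0, id=1, seq=3."
id=20085 trace_id=3 func=vf_ip_route_input_common line=2605 msg="find a route: flag=04000000 gw-10.0.1.4 via Azure-VPN"
id=20085 trace_id=3 func=fw_forward_handler line=855 msg="Allowed by Policy-3:"
id=20085 trace_id=3 func=ipsecdev_hard_start_xmit line=727 msg="enter IPSec interface-Azure-VPN, tun_id=20.203.52.164"
id=20085 trace_id=3 func=esp_output4 line=879 msg="IPsec encrypt/encap"
id=20085 trace_id=3 func=ipsec_output_finish line=622 msg="send to 94.203.142.1 via intf-ppp2"
"""

LINE_RE = re.compile(r'trace_id=(?P<tid>\d+) .*?msg="(?P<msg>.*)"$')
PKT_RE = re.compile(r"received a packet\(proto=\d+, (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+\)")
ROUTE_RE = re.compile(r"find a route: .* via (?P<iface>\S+)")


def triage(flow_text, tunnel_iface):
    """Group debug-flow lines by trace_id and say where each packet ended up.

    Returns {trace_id: (dst_ip, verdict)} with one of these verdicts:
      no-route-to-tunnel        route lookup chose another interface (fix routing first)
      no-policy                 routed into the tunnel but denied by the policy check
      phase2-selector-mismatch  policy matched, but no phase 2 selector covers the flow
      encrypted                 packet was encapsulated and sent towards the peer
      incomplete                trace has no route-lookup line
    """
    traces = defaultdict(dict)
    for line in flow_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        t, msg = traces[int(m["tid"])], m["msg"]
        if (p := PKT_RE.search(msg)):
            t["dst"] = p["dst"]
        elif (r := ROUTE_RE.search(msg)):
            t["iface"] = r["iface"]
        elif "Denied by forward policy check" in msg:
            t["policy"] = "denied"
        elif msg.startswith("Allowed by Policy-"):
            t["policy"] = msg[len("Allowed by Policy-"):].rstrip(":")
        elif "No matching IPsec selector" in msg:
            t["ipsec"] = "selector-mismatch"
        elif "IPsec encrypt/encap" in msg:
            t["ipsec"] = "encrypted"

    verdicts = {}
    for tid, t in sorted(traces.items()):
        iface = t.get("iface")
        if iface is None:
            v = "incomplete"
        elif iface != tunnel_iface:
            v = "no-route-to-tunnel"
        elif t.get("policy") in (None, "denied"):
            v = "no-policy"
        elif t.get("ipsec") == "selector-mismatch":
            v = "phase2-selector-mismatch"
        elif t.get("ipsec") == "encrypted":
            v = "encrypted"
        else:
            v = "incomplete"
        verdicts[tid] = (t.get("dst"), v)
    return verdicts


if __name__ == "__main__":
    for tid, (dst, verdict) in triage(SAMPLE_FLOW, "Azure-VPN").items():
        print(f"trace {tid}: {dst} -> {verdict}")
```

Point SAMPLE_FLOW at the saved PuTTY session log and pass the real phase1 interface name; a trace that ends at `no-route-to-tunnel` is the routing problem the reply describes, and nothing downstream (policy, phase 2 selectors) can be judged until that is fixed. Run `diagnose debug disable` and `diagnose debug reset` on the FortiGate once the capture is collected so the flow debug does not keep running.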

Need2Know

Hi @pgautam

Please download the txt files in the ZIP from the link below.

https://we.tl/t-5xtJZJEP0G

There was no option to upload the txt files here.

Need2Know

Hi @pgautam

Please advise how I can upload txt files here as an attachment, as there is only an option to upload photos.

Please help.

Need2Know

https://we.tl/t-5xtJZJEP0G

Please download the file from WeTransfer.

pgautam

Hi @Need2Know

Thank you for sharing the logs. We are not observing any traffic towards 10.0.1.4 in the debug file.

Please check the routes on the FortiGate using the command below:

get router info routing-table details 10.0.1.4

This should point toward the IPsec tunnel you created.

If, after confirming the proper route and policy, the traffic still does not work, you can open a TAC case for further investigation.

Regards
Priyanka

Need2Know

Thank you for the reply @pgautam. Please see the output below.

Firewall # get router info routing-table details 10.0.1.4

Routing table for VRF=0
Routing entry for 0.0.0.0/0
Known via "static", distance 5, metric 0, best
* 94.203.142.1, via ppp2

Need2Know

Not sure why the firewall is keeping

* 94.203.142.1, via ppp2

pgautam

Hi @Need2Know

Please check the AD value of the route that gets configured for the IPsec tunnel interface subnet.

Apart from this, please check the IPsec tunnel route in the routing database:

get router info routing-table database

If a route using the tunnel shows as inactive, make sure the tunnel status is up:

get vpn ipsec tunnel summary

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-IPsec-VPNs-tunnels/ta-p/195955

Regards
Priyanka
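The two replies from pgautam (the `routing-table details` check and the `routing-table database` / AD / inactive-route check) boil down to one question: does the forwarding lookup for 10.0.1.4 land on the phase1 interface, and if not, is the tunnel route missing altogether, present but inactive because the tunnel is down, or present but beaten by a route with a lower administrative distance? As an added example (not the thread's own and not Fortinet's), this Python script parses `get router info routing-table database` output, does the longest-prefix match over the routes installed in the FIB the way the kernel would, and returns one of those verdicts. The sample outputs are constructed to mimic the FortiOS layout; the interface name `Azure-VPN` and the 10.0.1.0/24 prefix are assumptions.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed samples of `get router info routing-table database` output
# (invented for this example, not the thread's real output). They mimic the
# FortiOS layout: protocol code, '*' = installed in the FIB, '>' = selected,
# [distance/metric]. "Azure-VPN" as the phase1 interface and 10.0.1.0/24 as
# the Azure VNet prefix are assumptions.
HEADER = """\
Routing table for VRF=0
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       > - selected route, * - FIB route, p - stale info

"""
# What the original poster's box looks like: only the default route matches.
DB_NO_TUNNEL_ROUTE = HEADER + """\
S    *> 0.0.0.0/0 [5/0] via 94.203.142.1, ppp2
C    *> 192.168.1.0/24 is directly connected, internal
"""
# Tunnel route exists but the phase1 interface is down, so it is not installed.
DB_TUNNEL_DOWN = HEADER + """\
S    *> 0.0.0.0/0 [5/0] via 94.203.142.1, ppp2
S       10.0.1.0/24 [10/0] via Azure-VPN tunnel 20.203.52.164 inactive
C    *> 192.168.1.0/24 is directly connected, internal
"""
DB_TUNNEL_UP = HEADER + """\
S    *> 0.0.0.0/0 [5/0] via 94.203.142.1, ppp2
S    *> 10.0.1.0/24 [10/0] via Azure-VPN tunnel 20.203.52.164
C    *> 192.168.1.0/24 is directly connected, internal
"""
# Same prefix reachable two ways; the tunnel route loses on administrative distance.
DB_TUNNEL_LOSES_AD = HEADER + """\
S    *> 0.0.0.0/0 [5/0] via 94.203.142.1, ppp2
S    *> 10.0.1.0/24 [5/0] via 94.203.142.1, ppp2
S       10.0.1.0/24 [10/0] via Azure-VPN tunnel 20.203.52.164
C    *> 192.168.1.0/24 is directly connected, internal
"""

ROUTE_RE = re.compile(
    r"^(?P<proto>[A-Z])\s+(?P<flags>[*>]*)\s*(?P<prefix>\d+(?:\.\d+){3}/\d+)"
    r"(?:\s+\[(?P<ad>\d+)/(?P<metric>\d+)\])?\s+(?P<rest>.*)$")
IFACE_RES = (re.compile(r"via (?P<iface>\S+) tunnel "),          # route-based IPsec
             re.compile(r"via [^,\s]+, (?P<iface>\S+)"),           # next-hop route
             re.compile(r"is directly connected, (?P<iface>\S+)"))  # connected


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    ad: int
    iface: str
    in_fib: bool      # '*' flag: the kernel actually forwards on this route
    inactive: bool    # tunnel interface down, so the route cannot be installed


def _egress_iface(rest):
    for pat in IFACE_RES:
        m = pat.match(rest)
        if m:
            return m["iface"]
    return None


def parse_routing_database(text):
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:                      # banner and "Codes:" lines
            continue
        rest = m["rest"]
        routes.append(Route(ipaddress.ip_network(m["prefix"]), int(m["ad"] or 0),
                            _egress_iface(rest), "*" in m["flags"],
                            rest.rstrip().endswith("inactive")))
    return routes


def lookup(routes, dst):
    """Longest-prefix match over FIB routes only, lowest AD breaking ties."""
    dst = ipaddress.ip_address(dst)
    cands = [r for r in routes if r.in_fib and dst in r.prefix]
    return max(cands, key=lambda r: (r.prefix.prefixlen, -r.ad), default=None)


def diagnose(db_text, dst, tunnel_iface):
    """Return (verdict, egress interface) for traffic to dst."""
    routes = parse_routing_database(db_text)
    best = lookup(routes, dst)
    egress = best.iface if best else None
    if egress == tunnel_iface:
        return "ok", egress
    dst_ip = ipaddress.ip_address(dst)
    tunnel_routes = [r for r in routes if r.iface == tunnel_iface and dst_ip in r.prefix]
    if not tunnel_routes:
        return "no-tunnel-route", egress
    if any(r.inactive for r in tunnel_routes):
        return "tunnel-route-inactive", egress
    return "tunnel-route-loses-on-ad", egress


if __name__ == "__main__":
    for name, db in [("no route", DB_NO_TUNNEL_ROUTE), ("tunnel down", DB_TUNNEL_DOWN),
                     ("tunnel up", DB_TUNNEL_UP), ("AD loses", DB_TUNNEL_LOSES_AD)]:
        print(f"{name:12s} -> {diagnose(db, '10.0.1.4', 'Azure-VPN')}")
```

With the output Need2Know posted (only the default route via ppp2 matches 10.0.1.4) the verdict is `no-tunnel-route`: a static route for the Azure VNet prefix with the phase1 interface as its device has to exist, together with firewall policies in both directions, before anything can reach 10.0.1.4 through the tunnel. `tunnel-route-inactive` means the route is configured but the tunnel itself is down (check `get vpn ipsec tunnel summary`), and `tunnel-route-loses-on-ad` means another route to the same prefix has a lower distance and is winning.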

 

Need2Know

Azure Virtual Network gateway IP address is 20.203.52.164

Firewall WAN IP address is 94.206.201.171
