rfg76
New Contributor

Site to Site VPN with Azure

Hi, I'm trying to set up a Site to Site VPN with Azure.

I've followed the steps in this recipe

The IPSec monitor shows as Connected. The Azure portal shows some KB in DATA OUT, but 0 in DATA IN.

I cannot ping from a virtual machine in Azure to my local LAN (on-prem).

Nor can I ping from the FortiGate console to any IP on the virtual side.

 

I have enabled debug on the FortiGate and have these results, but no idea what they mean:

 

ike 0: comes [Azure_IP]:500->[FTGT_IP]:500,ifindex=3....
ike 0: IKEv2 exchange=INFORMATIONAL id=ff497ec703...../becdeaa....f52:000000a0 len=76
ike 0: in FF497EC703CE186BBECDEAAD144F7F522E202...D88AF14CEFA
ike 0:AzureVPN:74: dec FF497EC703CE186BBECDEAA...0A00000002000000004
ike 0:AzureVPN:74: received informational request
ike 0:AzureVPN:74: enc 0F0E0D0C0B0A0...0302010F
ike 0:AzureVPN:74: out FF497EC703CE186BBECDEAAD144F7F522E...D88D0BB58877DC2953CC2274C191
ike 0:AzureVPN:74: sent IKE msg (INFORMATIONAL_RESPONSE): [FTGT_IP]:500->[Azure_IP]:500, len=76, id=ff497ec70..../becde....f52:000000a0

 

Does anyone know what else I should check?

 

 

2 REPLIES
bmotamed
New Contributor

Same issue with 80C with ARM mode on Azure! Have you found something?

Thanks

rfg76
New Contributor

I think the step missing in the recipe is to create a static route.

I have my FTG configured with the next route:

 

Destination = 10.1.0.0/255.255.0.0

Device = AzureVPN  <-- that's the name of the VPN tunnel

 

HTH
