Site-to-Site VPN with a peer over dynamically assigned name
Hi All,
There is an office that uses FortiGate as a router.
There is a site-to-site VPN tunnel between Azure and that office.
The office has a modem connected to the FortiGate router with a 4G connection, and when their primary connection is down the router fails over to the modem.
Because Site-to-Site VPN between resources in Azure and the on-prem network is vital for business apps, when the FortiGate fails over to the 4G modem there should also be a VPN tunnel over that modem.
When the FortiGate fails over to the 4G modem it is assigned a non-routable IP address 1.XXX.XXX.XXX, and for this reason a DynDNS service is used to associate 1.XXX.XXX.XXX with a DNS name.
Below are the screenshots of the Azure-side and on-prem-side VPN configuration.
Both the Azure and FortiGate configurations for VPN over 4G were copied from the working VPN configuration over the primary WAN connection.
If someone has experience with Azure Site-to-Site VPN over 4G, please advise if something is wrong in my configuration (1st screenshot).
Thanks in advance.
Hello,
First, we need to check that you have a default active route through the modem connection.
After that, check whether the tunnel is coming up or not; according to your screenshot, the tunnel configuration looks correct.
Make sure you increase the priority of the modem tunnel route compared to the primary tunnel.
Thanks guys for your replies.
I can only say that Site-to-Site VPN over 4G works perfectly with another FortiGate.
Hi All again,
Could you please advise what logs I should check the next time I test or try to establish the Azure-to-Site VPN over 4G?