Routing traffic VPN user to - site to site IPSec VPN - Azure Network

Author
walvarez
2020/10/18 23:51:03


Hello guys, I have configured an IPsec VPN between my Fortinet and Azure, and everything works OK; the traffic passes without problem. Additionally, I have configured an IPsec VPN with a FortiClient user towards my Fortinet, and it connects well to my internal Fortinet LAN network. Now I want to make my user's traffic reach Azure. How can I do this? Can you give me the configuration guide? How to - Setup.
 
ipsec vpn user  ----------  Fortigate 100e  ----------  Azure Network
192.168.30.0/24             192.168.100.0/24            10.0.1.0/24
        <---traffic ok--->                  <---traffic ok--->

30.0 |<----------------------traffic failed---------------------->| 1.0
 
Thanks for your reply
 
#1


    boneyard
    2020/10/19 08:45:11
    I doubt there will be a guide or such specific enough for this.

    Some things to consider:
     
    - do you do full tunnel or split on the SSLVPN?
     
    - are there firewall rules allowing SSLVPN traffic to the Azure VPN?
     
    - does Azure VPN know the route back to .30.?
    #2
    walvarez
    2020/11/25 20:06:45
    Hi Boneyard, thanks for your reply.

    - do you do full tunnel or split on the SSLVPN? It is not an SSL tunnel, it is an IPsec tunnel created by the VPN wizard.

    - are there firewall rules allowing SSLVPN traffic to the Azure VPN? Yes, there are rules allowing traffic to the Azure VPN.

    - does Azure VPN know the route back to .30.? Yes, the network 30.0 is created on Azure too.

    Traffic is still not flowing between 30.0 and 1.0.

    Attached image of rules in the Fortigate. Thanks for your help.


    #3
    isamt
    2020/11/26 01:36:46
    Using 192.168. addressing is probably not a good idea here as most vpn users will also be using this range at home.
     
    What you have is logically correct.
    Just a case of checking that the vpn user traffic for the Azure subnet actually is reaching the Fortigate.
    Then also checking that you see traffic from Azure coming back to the Fortigate for the vpn subnet.
     
    You can then easily see where the problem is: either Azure has no route back for the vpn subnet, or the vpn client is sending the traffic for Azure to their local network, or the Fortigate is dropping the traffic.
    #4
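
Added example, not part of any post in this thread: a Python script for the check described in #4, reading a packet capture taken on the FortiGate while the VPN user pings an Azure host and reporting which hop is missing. It assumes the line format of `diagnose sniffer packet any 'icmp' 4`; the interface names `vpn-users` and `to-azure`, the host addresses and the capture lines are constructed for illustration.

```python
import re

# Constructed capture in the line format of FortiGate
# `diagnose sniffer packet any 'icmp' 4`. The interface names "vpn-users"
# and "to-azure" and both host addresses are hypothetical.
SAMPLE = """\
1.102331 vpn-users in 192.168.30.10 -> 10.0.1.4: icmp: echo request
1.102410 to-azure out 192.168.30.10 -> 10.0.1.4: icmp: echo request
2.104870 vpn-users in 192.168.30.10 -> 10.0.1.4: icmp: echo request
2.104935 to-azure out 192.168.30.10 -> 10.0.1.4: icmp: echo request
"""

LINE = re.compile(
    r"^\S+\s+(\S+)\s+(in|out)\s+(\S+)\s+->\s+([^:\s]+):\s+icmp: echo (request|reply)"
)

def locate_break(capture, client, server, user_if, azure_if):
    """Return which hop of the ping client -> server is missing in the capture."""
    seen = set()
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ICMP echo line
        iface, direction, src, dst, kind = m.groups()
        # Keep only the flow under test: requests one way, replies the other.
        if (kind, src, dst) in {("request", client, server), ("reply", server, client)}:
            seen.add((iface, direction, kind))
    # Walk the path in order; the first missing hop names the fault.
    if (user_if, "in", "request") not in seen:
        return "client-not-sending"       # client keeps Azure traffic off the tunnel
    if (azure_if, "out", "request") not in seen:
        return "fortigate-drops-request"  # not forwarded toward the Azure tunnel
    if (azure_if, "in", "reply") not in seen:
        return "azure-no-return"          # nothing comes back, e.g. no route to the VPN subnet
    if (user_if, "out", "reply") not in seen:
        return "fortigate-drops-reply"    # reply arrives but is not forwarded to the user
    return "ok"

if __name__ == "__main__":
    print(locate_break(SAMPLE, "192.168.30.10", "10.0.1.4", "vpn-users", "to-azure"))
```
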