Azure to Fortigate VPN issue

Question

Azure to Fortigate VPN issue

Irin Sultana 377

Hi , I am trying to setup azure to fortigate IPsec VPN tunnel. For azure to server is working after setting up. But any reason i can not ping from server to azure. I have setup site to site vpn tunnel set up before for other location which are working . Now for new location just create a local network gateway and a VPN connection. I don't know what the issue. should i use the virtual network and local gateway network pre shared same or it doesn't matter ? I added an error screenshot. Any suggestion. Thank You! Irin

ChaitanyaNaykodi-MSFT 27,476 Reputation points Microsoft Employee Moderator

2024-01-31T03:36:45.3966667+00:00
@Irin Sultana

Thank you for reaching out.

I understand you are facing issues with your VPN connection. I see that you have mentioned you added the screenshot of the error message, but I am unable to locate it. Can you please share it again?

Meanwhile in order to pin-point the issue, I think it will help if you could follow the troubleshoot instructions below :

Check the effective routes learned by the VPN Gateway and see if the required routes are present.

Perform a packet capture on your VPN Gateway to get to know the source and destination of the packets going through the VPN gateway and help determine the if the traffic is reaching the VPN Gateway.

Check is any NSG present is blocking the RDP connectivity. You can use IP flow verify to test this connectivity.

Check if the Fortigate Device used is configured as per the validated devices list here.

Thank you!
Irin Sultana 377 Reputation points

2024-01-31T17:06:15.7133333+00:00

Hi , Thank You for your reply! I added the screenshot again. Thank You!

Accepted answer

0 additional answers

Your answer

ChaitanyaNaykodi-MSFT 27,476 Reputation points Microsoft Employee Moderator

2024-01-31T03:36:45.3966667+00:00

@Irin Sultana

Thank you for reaching out.

I understand you are facing issues with your VPN connection. I see that you have mentioned you added the screenshot of the error message, but I am unable to locate it. Can you please share it again?

Meanwhile in order to pin-point the issue, I think it will help if you could follow the troubleshoot instructions below :

Check the effective routes learned by the VPN Gateway and see if the required routes are present.

Perform a packet capture on your VPN Gateway to get to know the source and destination of the packets going through the VPN gateway and help determine the if the traffic is reaching the VPN Gateway.

Check is any NSG present is blocking the RDP connectivity. You can use IP flow verify to test this connectivity.

Check if the Fortigate Device used is configured as per the validated devices list here.

Thank you!
Irin Sultana 377 Reputation points

2024-01-31T17:06:15.7133333+00:00

Hi , Thank You for your reply! I added the screenshot again. Thank You!

Answer 1

@Irin Sultana
Thank you for getting back and sharing additional details.

Based on the error received I think you can follow the steps mentioned below to help troubleshoot the issue.

For the error the issue is usually due to selection of incorrect IKE parameters. You can go through the documentation here to understand the default IKE parameters for IKE Phase 1 and Phase 2.
If above does not help, then you can Enable Diagnostic logging for the VPN Gateway and check if you can find any issue in IKEDiagnosticLog for the VPN connection.
Check if the on-prem device is listed in the validated devices list here for Azure VPN.

I hope this has been helpful! Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A! User's image

Share via

Azure to Fortigate VPN issue

0 additional answers

Your answer