Troubleshooting S2S VPN IPsec Connection from On Premise to Azure VM via Fortinet Firewall

Anthony Ivanov 1 Reputation point
2022-03-02T00:39:32.3+00:00

Hi All,

I have recently set up an IPsec VPN Site to Site connection in Azure following the below article using an Azure VNet, Azure local network gateway, Azure virtual network gateway and our on-premises Fortinet Firewall. The VPN has connected successfully, however I cannot ping the private IPs of my Azure test Virtual Machine, which is in the 10.10.0.X range, nor can I RDP to the server. Pinging from the Azure VM back to on-prem does not work either. I have spoken to the Fortinet support team and they suggest all looks OK from their side. Does anyone have any suggestions?

https://docs.fortinet.com/document/fortigate/5.4.0/cookbook/587640/ipsec-vpn-to-microsoft-azure

Many thanks

Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.

2 answers

  1. Devaraj G 2,091 Reputation points
    2022-03-02T03:41:42.637+00:00

    It could be a route issue or NSG/firewall blocking. What is the VPN type you deployed? Is it basic or?

    Ensure the Windows firewall and NSG are not blocking any traffic flows. Use the IP flow verify option to ensure traffic flow. This will give a baseline understanding of the traffic.

    https://learn.microsoft.com/en-us/azure/network-watcher/network-watcher-ip-flow-verify-overview

    Also, can you please provide traceroute and route table output from the on-prem machine from which you are trying to connect to Azure? Trace route to the Azure VM.

  2. Anthony Ivanov 1 Reputation point
    2022-03-02T22:47:14.857+00:00

    Thanks Dev073. This is resolved now. It ended up being the incorrect on-prem private network address being added to the Azure Local Network Gateway settings.
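
The root cause in this thread, a wrong on-premises prefix on the Azure local network gateway while the tunnel itself shows connected, can be caught with a prefix consistency check. The following is an added example, not part of the original thread or of any Azure or Fortinet tooling; the function name and every address except the 10.10.0.X VM range are constructed for illustration, and it assumes a statically routed (non-BGP) connection.

```python
import ipaddress


def check_s2s_prefixes(lng_prefixes, vnet_prefixes, onprem_host, azure_vm):
    """Return a list of findings; an empty list means the prefixes line up."""
    findings = []
    lng = [ipaddress.ip_network(p, strict=False) for p in lng_prefixes]
    vnet = [ipaddress.ip_network(p, strict=False) for p in vnet_prefixes]
    host = ipaddress.ip_address(onprem_host)
    vm = ipaddress.ip_address(azure_vm)

    # Without BGP, Azure sends traffic into the tunnel only for destinations
    # listed as address prefixes on the local network gateway. If the real
    # on-prem host is outside them, replies from the VM never enter the tunnel
    # even though IKE/IPsec reports "connected".
    if not any(host in net for net in lng):
        findings.append(
            f"on-prem host {host} is not covered by any local network gateway "
            f"prefix {[str(n) for n in lng]}"
        )

    # The VM must sit inside the VNet address space that the on-prem firewall
    # routes into the tunnel.
    if not any(vm in net for net in vnet):
        findings.append(f"Azure VM {vm} is outside the VNet address space")

    # Overlapping on-prem and VNet ranges make routing ambiguous on both sides.
    for l_net in lng:
        for v_net in vnet:
            if l_net.overlaps(v_net):
                findings.append(f"prefix {l_net} overlaps VNet range {v_net}")
    return findings


if __name__ == "__main__":
    # Constructed sample values: the on-prem LAN is 192.168.1.0/24, but the
    # local network gateway was configured with 192.168.10.0/24 by mistake.
    for finding in check_s2s_prefixes(
        lng_prefixes=["192.168.10.0/24"],
        vnet_prefixes=["10.10.0.0/24"],
        onprem_host="192.168.1.50",
        azure_vm="10.10.0.4",
    ):
        print("FINDING:", finding)
```

Feed it the prefixes shown on the local network gateway and VNet in the portal, plus the real IP of the on-prem machine used for the ping or RDP test.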