Re: IPsce tunnel setup for VLAN

isultana · ‎02-22-2023

Hi,

I created a vlan because our Ip address range is running out. The network is working internally. But i want to step an IPsec tunnel for our azure. The Vlan can't access azure virtual machine. Is there any way to create an IPsec tunnel with that vlan?

Thanks!

Irin sultana

balaji.bandi · ‎02-22-2023

YES / NO - YES possible if that device have support to connect to Azure and establish VPN, NO - if the device does not support VPN.

Other hands you need to provide more information - Router Model / IOS Code running - how is your network topology?

example :

https://www.petenetlive.com/KB/Article/0001220

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

isultana · ‎02-22-2023

Hi,

Thank You for your response. We have a cisco meraki switch where i created vlan 8. I also created a static route for that vlan in FortiGate where i used LAN interface to connect internally. For azure we have already one IPsce tunnel which is using WAN interface. As our ip range is running out i created VLAN 8. I am confused about if there is any way to setup connection with azure over wan interface? or is there any other way to connect with azure?

Thank YOu!

balaji.bandi · ‎02-22-2023

For azure we have already one IPsce tunnel which is using WAN interface

if you already working (i take this is tunnel using Fortigate to establish with azzure right)

Make sure you add new IP address in the ACL in the allowed list in the VPN tunnel config, both the side - I have observed some time fortigate reset the tunnel for blip time.

check below adding Local subnet in to fortigate :

https://docs.fortinet.com/document/fortigate/6.2.5/cookbook/118663/adding-ipsec-aggregate-members-in-the-gui

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

isultana · ‎02-23-2023

Hi

Example:

My network is ip : 192.168.3.0/24 ( ip range scope is setup in dhcp)

This is using VLAN 1 in cisco meraki switch. The gateway Ip for that 192.168.3.10.

In FortiGate, I created an IPsec tunnel for azure which is using WAN interface to connect. I also created a Static route for that. When i created that tunnel for azure, i used custom template in FortiGate. That template is using static IP for remote gateway. For that i also created a static route with that static Ip address. The destination is azure Ip address and the gateway Ip is that static Ip address for interface i used that IPsec tunnel. As i also created default static route in wan interface is working fine.

Now, my situation is i created a VLAN 10 in cisco meraki switch for internet connection. I created static route which is using LAN interface not WAN. The gateway ip address for that static route is VLAN 1 gateway Ip (192.168.3.10) So, when try to create an IPsec tunnel i need to give static ip and interface to create that tunnel. But i am not sure will it work or not. I am confused how should i setup the tunnel for that VLAN to use azure.

I don't know i am able to explain properly. Thank you for your suggestions.

Thank You!

Irin

balaji.bandi · ‎02-24-2023

As long as your VLAN 10 IP address has routing internally and is allowed in the VPN allowed list they should be able to reach over VPN.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎02-22-2023

can you more elaborate please ?

MHM Cisco World · ‎02-25-2023

friend can I see topology