Meraki

Community

vMX to Fortigate Site 2 Site

Solved
Patrik73
Getting noticed
Thursday
Thursday

vMX to Fortigate Site 2 Site

Hi!

 

I have a problem with Site 2 Site VPN.

 

I have a local site with an MX85.
And then I have an vMX deployed in Azure with an Route Table.
The vMX in Azure is in Passthrough or VPN Concentrator mode.

 

Site 2 Site between my onsite MX and vMX in Azure works fine.

 

But now I want to setup another Site 2 Site between the vMX and a Fortigate.
I can get the tunnel up and running, but no traffic is flowing between them.
A route is created in Route Table in Azure.
Destination type: IP Addresses
CIDR range: 10.100.20.0/24 that is the local network for fortigate.
Next hop type: Virtual appliance
Next hop address: my appliance IP-address

 

If i setup the exact same Site 2 Site between Fortigate and my onsite MX, then the tunnel goes up and I can reach the network from both way.

But I want it to work between Azure and Fortigate.

 

Has anyone any idea what might be wrong and where I should begin looking?

Labels:
0 Kudos
1 Accepted Solution
Patrik73
Getting noticed
Sunday
Sunday

Now it finally works.
I had set the whole vnet on remote subnet on the Fortigate.
When I changed to just one subnet the traffic began to flow.

View solution in original post

0 Kudos
4 Replies 4
Mloraditch
Kind of a big deal
Thursday
Thursday

So the tunnel shows up and connected in your VPN status and on the fortigate side? Do you have the appropriate routes on the fortigate side?

My first thought would be an Azure NSG or perhaps the peer ids not being set right because the vMX is natted but the tunnel shouldn't be up if those are wrong.

If you found this post helpful, please give it Kudos. If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to Mloraditch
Patrik73
Getting noticed
Thursday
Thursday

Hi!
I have set the whole Vitual network as route in Fortigate VPN.
Maybe I should try just to set the subnets in that network.

The vnet is at 10.162.50.0/24

And then I have a bunch of subnets in there.

Like 

10.162.50.128/27
10.162.50.160/27
 
But I see now that I only have three subnets associated with  my route.
10.162.50.64/27
10.162.50.32/27
10.162.50.96/27
 
Maybe that can matters in some way.
0 Kudos
alemabrahao
Kind of a big deal
Friday
Friday

What about the routing table in Azure, have you checked it?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
Patrik73
Getting noticed
Sunday
Sunday

Now it finally works.
I had set the whole vnet on remote subnet on the Fortigate.
When I changed to just one subnet the traffic began to flow.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.