Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more
COURSE of the MONTH
14 days, 4 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows VPN Server, IKE VPN Error
Posted on 2016-08-09
I've setup a Windows 2012R2 VPN server with IKEv2 and SSTP.
Public Certificate has been installed and users can connection just fine using SSTP.
Also, from an internal 2012R2 server I'm able to connect to the VPN server using IKEv2 using the public hostname.
However, from external users when they try and connect using IKEv2 I get an error, see attached images.
The firewall in use is a Sonicwall NSA.
The ports being NAT'd are:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=1701 <- Used by L2TP control/data path
IP Protocol Type=50 <- Used by data path (ESP)
In the Sonicwall I've also checked the box for: "Preserve IKE Port for Pass Through Connections" and also disabled the WAN VPN Group so its not using IKE.
See attached security configuration for clients. This works for an internal client but not an external one.
Win-10-Connection-Error.PNG
Win-7-Connection-Error.PNG
IKEv2-settings.PNG
Public Certificate has been installed and users can connection just fine using SSTP.
Also, from an internal 2012R2 server I'm able to connect to the VPN server using IKEv2 using the public hostname.
However, from external users when they try and connect using IKEv2 I get an error, see attached images.
The firewall in use is a Sonicwall NSA.
The ports being NAT'd are:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=1701 <- Used by L2TP control/data path
IP Protocol Type=50 <- Used by data path (ESP)
In the Sonicwall I've also checked the box for: "Preserve IKE Port for Pass Through Connections" and also disabled the WAN VPN Group so its not using IKE.
See attached security configuration for clients. This works for an internal client but not an external one.
Win-10-Connection-Error.PNG
Win-7-Connection-Error.PNG
IKEv2-settings.PNG
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
3
5 Comments
Active today
IKEv2 requires that the computer or user connecting to the VPN have a valid certificate to provide the underlying PKI encryption. Basically, if you don't have certificates installed on the client machines that they can use to authenticate themselves, IKEv2 won't work. It requires an Internal CA or Client certificates from a Third Party CA (super expensive).
Looks like the issue is with the Windows Client when the Firewall is behind a NAT for IKEv2. I just tried this Microsoft KB handling on a Windows 7 PC and it allowed the IKEv2 connection just fine.
https://support.microsoft.com/en-us/kb/926179
I didn't have to import any certificate of any kind as I'm using a public certificate on the server.
I'm trying this on Win 10 and I'll let you know on the results.
https://support.microsoft.com/en-us/kb/926179
I didn't have to import any certificate of any kind as I'm using a public certificate on the server.
I'm trying this on Win 10 and I'll let you know on the results.
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market. Every year, Cisco displays cutting-edge technol…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs.
Launch Data Protection Manager from the deskt…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses
Course of the Month14 days, 4 hours left to enroll
801 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.