I've set up a Windows 2012R2 VPN server with IKEv2 and SSTP.
A public certificate has been installed and users can connect just fine using SSTP.
Also, from an internal 2012R2 server I'm able to connect to the VPN server using IKEv2 using the public hostname.
However, when external users try to connect using IKEv2, I get an error; see attached images.
The firewall in use is a Sonicwall NSA.
The ports being NAT'd are:
IP Protocol Type=UDP, UDP Port Number=500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
IP Protocol Type=UDP, UDP Port Number=1701 <- Used by L2TP control/data path
IP Protocol Type=50 <- Used by data path (ESP)
In the Sonicwall I've also checked the box for "Preserve IKE Port for Pass Through Connections" and also disabled the WAN VPN Group so it's not using IKE.
See attached security configuration for clients. This works for an internal client but not an external one.
Win-10-Connection-Error.PNG
Win-7-Connection-Error.PNG
IKEv2-settings.PNG