Forum Discussion

JosephGooderham
Copper Contributor
Jun 01, 2022

IKEv2 and Windows 10/11 drops connectivity but stays connected in Windows

I’ve seen this with 2 different customers using IKEv2 User VPNs (Virtual WAN) and Point-to-Site gateways in hub-and-spoke, whereby, using the VPN in an Always On configuration (device and user tunnel), after a specific amount of time (56 minutes) the IKEv2 connection will drop the tunnel but stay connected in Windows. To restore the connection, you just reconnect.


Has anyone else had a similar experience? I’ve seen the issue with ExpressRoute and with/without Azure Firewalls in the topology too.

1 Reply

  • You may consider the workarounds and fixes below:

    1. Configure Custom IPsec/IKE Policies

    • Set longer lifetimes and enable rekeying:
    {
      "ikeEncryption": "AES256",
      "ikeIntegrity": "SHA256",
      "dhGroup": "DHGroup14",
      "pfsGroup": "PFS2",
      "ipsecEncryption": "AES256",
      "ipsecIntegrity": "SHA256",
      "saLifetimeSeconds": 28800,
      "saDataSizeKilobytes": 102400000
    }

    2. Use Azure VPN Client Instead of Built-in Windows Client

    • The Azure VPN Client handles tunnel drops and rekeying more reliably.

    3. Enable VPN Reconnect in Windows

    • Use PowerShell or Group Policy to enable the VPN Reconnect feature:
    Set-VpnConnection -Name "YourVPN" -ReconnectEnabled $true

    4. Monitor with Azure Network Watcher

    • Use Connection Monitor to detect tunnel drops and automate alerts or reconnection scripts.
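As an added example (not part of the reply above), this is one way to apply the custom IPsec/IKE policy from step 1 to the Point-to-Site configuration of a VNet gateway with Az PowerShell and then read it back to confirm what the gateway will negotiate with Windows clients. It assumes the Az.Network module is installed, you are already signed in with Connect-AzAccount, and the resource group and gateway names are placeholders; Virtual WAN User VPN uses a different cmdlet set and is not covered here.

```powershell
# Added example, not the original reply's code. Assumes Az.Network is installed
# and Connect-AzAccount has already been run. Names below are placeholders.
$ResourceGroup = "rg-hub-placeholder"
$GatewayName   = "vgw-hub-placeholder"

# Policy mirroring the JSON in step 1: 8 h SA lifetime so client and gateway
# rekey on an agreed schedule instead of letting the tunnel silently expire.
$policy = New-AzVpnClientIpsecParameter `
    -SaLifeTime      28800 `
    -SaDataSize      102400000 `
    -IpsecEncryption AES256 `
    -IpsecIntegrity  SHA256 `
    -IkeEncryption   AES256 `
    -IkeIntegrity    SHA256 `
    -DhGroup         DHGroup14 `
    -PfsGroup        PFS2

# Apply the policy to the gateway's P2S (User VPN) configuration.
Set-AzVpnClientIpsecParameter `
    -VirtualNetworkGatewayName $GatewayName `
    -ResourceGroupName $ResourceGroup `
    -VpnClientIPsecParameter $policy

# Read the effective policy back; compare it with what Windows clients
# actually negotiate when troubleshooting the 56-minute drop.
Get-AzVpnClientIpsecParameter `
    -VirtualNetworkGatewayName $GatewayName `
    -ResourceGroupName $ResourceGroup
```

Clients must reconnect after the change so they pick up the new policy.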
