IKEv2 Mobile VPN connection from Intune drops when data is transferred
Hello!
We have a strange problem: we deploy IKEv2 VPN connections to Windows clients via Intune. This works perfectly fine!
The users can connect and work via RDP etc. But as soon as they transfer larger files, the VPN connection drops suddenly and they have to reconnect.
In the log of the firewall we find entries like this:
drop the received IKEv2 message from aaa.bbb.ccc.ddd:1040 - reason="no IkeV2SA is found"
The problem also happens internally if I'm in an optional network (guest wifi) and connect via VPN to the trusted network.
Interestingly: when we deploy the same connection via PowerShell, it works perfectly!
Does anybody know which Intune settings can cause this "no IkeV2SA is found" problem?
I can't find anything on the net.
Thanks
Axel
Comments
Hi @kraeg
It sounds like there's a mismatch between the SA time the firewall expects and what the VPN client uses when applied this way.
If it's working via the PowerShell script, I'd suggest checking that the settings Intune pushes out are up to date and match what is in the PowerShell script.
Windows doesn't give you a great way to view what the proposals are for phase 1 and 2 (including SA (security association) life), so it's likely easiest to compare with what Intune is pushing out.
If you continue to run into issues with this, I'd suggest opening a support case.
-James Carson
WatchGuard Customer Support