

Always on VPN "Invalid Payload Received"

Question

Wednesday, March 13, 2019 1:26 PM

I have configured an Always on VPN that uses IKEv2 machine certificates for authentication. For testing purposes I have a virtual machine running on my laptop. When I try to connect to the VPN from inside the network I can connect just fine. When I test from outside the network I get the message "Invalid Payload Received". What would cause this?

BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

All replies (5)

Thursday, March 14, 2019 6:21 PM ✅ Answered

Hi John,

IP fragmentation is a common cause of failed IKEv2 VPN connections, especially when you can connect from one location but not another. More detail about the problem and how to resolve it can be found here.

https://directaccess.richardhicks.com/2019/02/11/always-on-vpn-and-ikev2-fragmentation/

Richard M. Hicks
Microsoft Cloud & Datacenter MVP
Founder and Principal Consultant - Richard M. Hicks Consulting, Inc.
directaccess.richardhicks.com
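
The answer above attributes the failure to IP fragmentation of IKEv2 traffic. As an added example (not part of the original thread or the linked article), this Python sketch takes raw IPv4 packets from a capture, finds fragmented datagrams sent to UDP 500/4500, and reports whether every fragment arrived. The function names and the packets produced by `build_fragments` are constructed for illustration.

```python
import struct
from collections import defaultdict

IKE_PORTS = {500, 4500}  # UDP ports for IKE and IKE with NAT traversal

def parse_ipv4(pkt):
    """Split one raw IPv4 packet into (datagram key, byte offset, MF flag, payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
    key = (pkt[12:16], pkt[16:20], ident, pkt[9])  # src, dst, IP ID, protocol
    return key, (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000), pkt[ihl:total_len]

def ike_fragment_report(packets):
    """Report each IP-fragmented IKE datagram and whether every fragment arrived."""
    groups = defaultdict(list)
    for pkt in packets:
        key, off, more, payload = parse_ipv4(pkt)
        if key[3] == 17 and (more or off):  # UDP, and really a fragment
            groups[key].append((off, more, payload))
    report = []
    for key, frags in groups.items():
        frags.sort(key=lambda f: f[0])
        dport = None  # only the first fragment carries the UDP header
        if frags[0][0] == 0 and len(frags[0][2]) >= 4:
            dport = struct.unpack("!H", frags[0][2][2:4])[0]
        if dport is not None and dport not in IKE_PORTS:
            continue
        end, complete = 0, False
        for off, more, payload in frags:
            if off > end:  # hole: a fragment was lost on the path
                complete = False
                break
            end, complete = max(end, off + len(payload)), not more
        report.append({"ip_id": key[2], "dport": dport,
                       "fragments": len(frags), "complete": complete})
    return report

def build_fragments(ident, payload_len, dport, mtu=1500):
    """Constructed sample input: one UDP datagram cut into IPv4 fragments."""
    src, dst = bytes([198, 51, 100, 10]), bytes([203, 0, 113, 5])  # documentation IPs
    udp = struct.pack("!HHHH", 4500, dport, 8 + payload_len, 0) + bytes(payload_len)
    step = (mtu - 20) // 8 * 8
    frames = []
    for off in range(0, len(udp), step):
        chunk = udp[off:off + step]
        flags = (0x2000 if off + step < len(udp) else 0) | (off // 8)
        frames.append(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk),
                                  ident, flags, 64, 17, 0, src, dst) + chunk)
    return frames
```

An entry with `complete` set to `False` on the receiving side means part of a large IKE message was dropped between client and server, which matches the inside-works, outside-fails pattern described in the question.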


Thursday, March 14, 2019 7:46 AM

Hi,

I think the issue may be related to IPsec configuration. It is a good idea to catch the network packets for analysis.

I am trying to involve someone familiar with this topic to further look at this issue.  If we have any updates or any thoughts about this issue, we will keep you posted as soon as possible.

Best regards,

Travis



Thursday, March 14, 2019 1:22 PM

Thanks Travis. I'm going to try today from a physical machine to see if I get the same results as the VM. Maybe the virtual switch is causing issues.



Sunday, March 24, 2019 12:17 AM

Thanks Richard. I need to get somewhere to test this. I'll let you know what I find. 



Friday, April 12, 2019 1:57 PM

Would this, "Many firewall and VPN vendors include support for IKEv2 fragmentation" be configured on my Sonicwall or my VPN server (Windows machine) or both?
