Configuring Mobility for IKEv2 Connections

When you force a connection to use IKEv2 as its tunnel type, you also have a choice of enabling or disabling mobility (VPN Reconnect) for the VPN connection. To enable mobility for the connection, click Advanced Settings and make sure the check box is selected. To disable mobility for the connection, clear the check box. The default setting for an IKEv2 connection is for mobility to be enabled.

You can also use this dialog box to configure the maximum allowed network outage time for the VPN connection, which can range from 5 minutes to 8 hours (the default is 30 minutes). If the underlying Layer 2 network connectivity is interrupted and not restored within the configured network outage time, the VPN connection will be terminated (that is, mobility will fail).

Additional mobility settings for IKEv2 VPN connections can be configured on the server side. To see these settings, begin by opening Routing And Remote Access from Administrative Tools on a VPN server running Windows Server 2008 R2. Then right-click the VPN server node and select Properties, select the IKEv2 tab, and configure the settings on this tab as shown in the table below.

Server-Side Settings for Configuring IKEv2 Mobility

| Setting | Explanation | Default |
| --- | --- | --- |
| Idle Time-out (Minutes) | The time (in minutes) that an IKEv2 | 5 minutes |
| Network Outage Time (Minutes) | The time (in minutes) that IKEv2 packets are retransmitted without a response before the connection is considered lost. Higher values support connection persistence through network outages. | 30 minutes |
| SA Expiration Time (Minutes) | The time (in minutes) after which an IKEv2 client SA expires. An SA expires either at the expiration time or when the SA data size limit is reached, whichever occurs first; a new quick mode negotiation must succeed before the two computers can continue to exchange data. | 480 minutes |
| SA Data Size Limit (MB) | The amount of network traffic (in megabytes) that can be sent through an IKEv2 SA before the SA expires; a new quick mode negotiation must succeed before the two computers can continue to exchange data. | 100 MB |

In Windows 7 and Windows Server 2008 R2, you can also configure IKEv2 settings (including mobility settings) from the command line by using the Netsh command. The following examples show some of the netsh ras set commands that are available for configuring IKEv2 mobility.

netsh ras set ikev2connection [[idletimeout=] <idle_timeout>] [[nwoutagetime=] <nw_outage_time>]

This command sets the idle time-out and network outage time values for IKEv2 client connections by using the following parameters:

  • idletimeout: Specifies the idle time-out in minutes for IKEv2 client connections. This value is used to disconnect IKEv2 connections in case the client machine is idle.
  • nwoutagetime: Specifies the network outage time value in minutes for IKEv2 client connections.

netsh ras set ikev2saexpiry [[saexpirytime=] <sa_expiry_time>] [[sadatasizelimit=] <sa_datasize_limit>]

This command sets the IKEv2 SA expiration controls by using the following parameters:

  • saexpirytime: Specifies the SA expiry value in minutes for IKEv2 client connections.
  • sadatasizelimit: Specifies the SA data size limit in megabytes.

The next examples show commands for reviewing IKEv2 connections.

  • netsh ras show ikev2connections: This command shows the idle time-out and network outage time values for IKEv2 client connections.
  • netsh ras show ikev2saexpirycontrols: This command shows the IKEv2 SA expiration controls, specifically the SA expiry value in minutes for IKEv2 client connections and the SA data size limit in megabytes.
  • netsh ras show portstatus: This command displays the IKEv2 port status as well as the status for L2TP, PPTP, and SSTP ports. By default, this command shows all ports, but it can also show settings for individual ports or ports in a particular status.
  • netsh ras dump: This command exports the configuration script for all supported RAS features, including (in Windows 7 and Windows Server 2008 R2) the IKEv2 configuration details.
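
The following PowerShell audit is an added example, not part of the original text. It parses the set ikev2connection and set ikev2saexpiry lines of an exported configuration script and reports every value that differs from the defaults in the table above, because a longer SA expiry time or a larger data size limit leaves more traffic protected by a single SA. The function name Get-IkeV2Drift, the sample lines, and the assumption that the exported script carries these settings as name = value pairs are hypothetical.

```powershell
# Baseline: the server-side defaults listed in the table above.
$Baseline = @{
    idletimeout     = 5      # minutes
    nwoutagetime    = 30     # minutes
    saexpirytime    = 480    # minutes
    sadatasizelimit = 100    # MB
}
# netsh ras set sub-command that owns each parameter (syntax from this page).
$Owner = @{
    idletimeout  = 'ikev2connection'; nwoutagetime    = 'ikev2connection'
    saexpirytime = 'ikev2saexpiry';   sadatasizelimit = 'ikev2saexpiry'
}

function Get-IkeV2Drift {    # hypothetical helper name
    param([string[]]$DumpLines, [hashtable]$Baseline)
    $found = @{}
    foreach ($line in $DumpLines) {
        # Only the two IKEv2 "set" commands are of interest.
        if ($line -notmatch '^\s*set\s+(ikev2connection|ikev2saexpiry)\b') { continue }
        # Accept both "name=value" and "name = value".
        foreach ($m in [regex]::Matches($line, '(\w+)\s*=\s*(\d+)')) {
            $found[$m.Groups[1].Value.ToLower()] = [int]$m.Groups[2].Value
        }
    }
    foreach ($name in $Baseline.Keys) {
        $actual = $null      # stays $null when the setting is missing from the script
        if ($found.ContainsKey($name)) { $actual = $found[$name] }
        if ($actual -ne $Baseline[$name]) {
            New-Object psobject -Property @{
                Setting  = $name
                Expected = $Baseline[$name]
                Actual   = $actual
                Fix      = "netsh ras set $($Owner[$name]) $name=$($Baseline[$name])"
            }
        }
    }
}

# Constructed sample lines (assumed layout of an exported script).
# On a VPN server, replace with: $lines = netsh ras dump
$lines = @(
    'pushd ras',
    'set ikev2connection idletimeout = 5 nwoutagetime = 30',
    'set ikev2saexpiry saexpirytime = 1440 sadatasizelimit = 1024',
    'popd'
)
Get-IkeV2Drift -DumpLines $lines -Baseline $Baseline |
    Select-Object Setting, Expected, Actual, Fix | Format-Table -AutoSize
```

Replace the values in $Baseline with your organization's approved settings if they differ from the defaults; the Fix column is only a suggestion and is never executed by the script.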