Configuring Mobility for IKEv2 Connections
When you force a connection to use IKEv2 as its tunnel type, you also have a choice of enabling or disabling mobility (VPN Reconnect) for the VPN connection. To enable mobility for the connection, click Advanced Settings and make sure the check box is selected. To disable mobility for the connection, clear the check box. The default setting for an IKEv2 connection is for mobility to be enabled.
You can also use this dialog box to configure the maximum allowed network outage time for the VPN connection, which can range from 5 minutes to 8 hours (the default is 30 minutes). If the underlying Layer 2 network connectivity is interrupted and not restored within the configured network outage time, the VPN connection will be terminated (that is, mobility will fail).
Additional mobility settings for IKEv2 VPN connections can be configured on the server side. To see these settings, begin by opening Routing And Remote Access from Administrative Tools on a VPN server running Windows Server 2008 R2. Then right-click the VPN server node, select Properties, select the IKEv2 tab, and configure the settings on this tab as described in the table below.
Server-Side Settings for Configuring IKEv2 Mobility
Setting | Explanation | Default |
Idle Time-out (Minutes) | The time (in minutes) that an IKEv2 | 5 minutes |
Network Outage Time (Minutes) | The time (in minutes) that IKEv2 packets are retransmitted without a response before the connection is considered lost. Higher values support connection persistence through network outages. | 30 minutes |
SA Expiration Time (Minutes) | The time (in minutes) after which an IKEv2 client SA expires. An SA expires either at the expiration time or when the SA data size limit is reached, whichever occurs first; a new quick mode negotiation must succeed before the two computers can continue to exchange data. | 480 minutes |
SA Data Size Limit (MB) | The amount of network traffic (in megabytes) that can be sent through an IKEv2 SA before the SA expires; a new quick mode negotiation must succeed before the two computers can continue to exchange data. | 100 MB |
In Windows 7 and Windows Server 2008 R2, you can also configure IKEv2 settings (including mobility settings) from the command line by using the Netsh command. The following examples show some of the netsh ras set commands that are available for configuring IKEv2 mobility.
netsh ras set ikev2connection [[idletimeout=] <idle_timeout>] [[nwoutagetime=] <nw_outage_time>]
This command sets the idle time-out and network outage time values for IKEv2 client connections by using the following parameters:
- idletimeout Specifies the idle time-out in minutes for IKEv2 client connections. This value is used to disconnect IKEv2 connections in case the client machine is idle.
- nwoutagetime Specifies the network outage time value in minutes for IKEv2 client connections.
netsh ras set ikev2saexpiry [[saexpirytime=] <sa_expiry_time>] [[sadatasizelimit=] <sa_datasize_limit>]
This command sets the IKEv2 SA expiration controls by using the following parameters:
- saexpirytime Specifies the SA expiry value in minutes for IKEv2 client connections.
- sadatasizelimit Specifies the SA data size limit in megabytes.
The next examples show commands for reviewing IKEv2 connections.
- netsh ras show ikev2connections This command shows the idle time-out and network outage time values for IKEv2 client connections.
- netsh ras show ikev2saexpirycontrols This command shows the IKEv2 SA expiration controls, specifically the SA expiry value in minutes for IKEv2 client connections and the SA datasize limit in megabytes.
- netsh ras show portstatus This command displays the IKEv2 port status as well as the status for L2TP, PPTP, and SSTP ports. By default, this command shows all ports, but it can also show settings for individual ports or ports in a particular status.
- netsh ras dump This command exports the configuration script for all supported RAS features, including (in Windows 7 and Windows Server 2008 R2) the IKEv2 configuration details.
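The following script is an added example, not part of the original tutorial: it applies the four server-side settings with the netsh ras set commands shown above, saving a netsh ras dump beforehand and comparing it with a second dump afterwards so the change is recorded and reviewable. The function name Invoke-Netsh, the parameter names, and the backup location are assumptions made for illustration, and the script assumes it is run from an elevated PowerShell prompt on the VPN server.

```powershell
# Added example. Parameter defaults are the server defaults listed in the table above.
param(
    [int]$IdleTimeoutMinutes   = 5,
    [int]$NetworkOutageMinutes = 30,
    [int]$SaExpiryMinutes      = 480,
    [int]$SaDataSizeLimitMB    = 100,
    [string]$BackupDir         = $env:TEMP   # assumed location for the saved dump
)

# Run netsh with the given arguments and stop on a non-zero exit code.
function Invoke-Netsh {
    param([string[]]$NetshArgs)
    $output = & netsh.exe $NetshArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($NetshArgs -join ' ') failed (exit $LASTEXITCODE): $output"
    }
    $output
}

foreach ($value in $IdleTimeoutMinutes, $NetworkOutageMinutes, $SaExpiryMinutes, $SaDataSizeLimitMB) {
    if ($value -lt 1) { throw "Every setting must be a positive whole number." }
}

# 1. Capture the current RAS configuration script and keep a copy on disk.
$before = Invoke-Netsh @('ras', 'dump')
$backup = Join-Path $BackupDir ("ras-dump-{0:yyyyMMdd-HHmmss}.txt" -f (Get-Date))
$before | Out-File -FilePath $backup -Encoding ASCII
Write-Host "Saved current RAS configuration to $backup"

# 2. Apply the connection (idle/outage) and SA expiration settings.
Invoke-Netsh @('ras', 'set', 'ikev2connection',
               "idletimeout=$IdleTimeoutMinutes",
               "nwoutagetime=$NetworkOutageMinutes") | Out-Null
Invoke-Netsh @('ras', 'set', 'ikev2saexpiry',
               "saexpirytime=$SaExpiryMinutes",
               "sadatasizelimit=$SaDataSizeLimitMB") | Out-Null

# 3. Dump the configuration again and list only the lines that differ.
$after = Invoke-Netsh @('ras', 'dump')
Compare-Object -ReferenceObject $before -DifferenceObject $after |
    Format-Table SideIndicator, InputObject -AutoSize
```

An empty comparison means the server already held the requested values; lines marked `<=` come from the saved dump and lines marked `=>` from the new configuration.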