How VPN Reconnect Works

VPN Reconnect (IKEv2) is available only on Windows 7 and Windows Server 2008 R2. This means that mobile computers must be running Windows 7 and the VPN server at the corporate network must be running Windows Server 2008 R2 to use VPN Reconnect.

A typical example of how VPN Reconnect works is as follows:

  1. A user's Windows 7 mobile computer at remote location A establishes Internet connectivity using a wireless access point at the location. This Internet connectivity provides the user's computer with a reachable IP address.
  2. The user initiates a VPN connection to a VPN server running Windows Server 2008 R2 on the corporate network. The user's VPN connection has been configured to attempt IKEv2 first as a tunneling protocol for the connection.
  3. The VPN client exchanges IKEv2 messages with the VPN server and uses EAP to negotiate an authentication protocol.
  4. The VPN server uses Remote Authentication Dial-in User Service (RADIUS) to authenticate and authorize the remote client.
  5. An SA is negotiated for tunnel mode ESP.
  6. The VPN client obtains an internal IP address for the duration of the session.
  7. Data is now exchanged between the VPN client and server. This data is encapsulated in an IP packet that uses the internal address, which is then encapsulated by ESP, which is finally encapsulated in an IP packet that uses the reachable address.
  8. Then, at some point, the user's computer is moved away from location A so that Internet connectivity is lost.
  9. VPN Reconnect ensures that the SA remains valid, keeping the VPN session alive even though the VPN connection is temporarily broken.
  10. The user's computer is now moved to a new location B, where Internet connectivity is reestablished using a different wireless access point.
  11. The user's computer acquires a new reachable IP address that is different from the one used previously.
  12. The VPN client exchanges MOBIKE messages with the VPN server to update the existing VPN tunnel and SA with the newly acquired reachable address.
  13. The VPN connection is now automatically restored with no action required on the part of the user.
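
The following is an added example, not code from the tutorial or from Windows: a simplified Python model of steps 3 through 13 that shows what stays fixed across the move (the SPI, the integrity key and the inner packet with the internal address) and what changes (only the outer, reachable address), together with the checks a server should apply before accepting an UPDATE_SA_ADDRESSES message. The addresses, the 8-byte SPI and the 32-byte key are constructed; real IKEv2/MOBIKE also runs a return-routability check and carries ESP sequence numbers, both omitted here.

```python
import hmac, hashlib, os
from dataclasses import dataclass

@dataclass
class IkeSa:                 # SA state that survives loss of connectivity (step 9)
    spi: bytes
    key: bytes               # integrity key from the IKEv2 exchange (random here)
    client_addr: str         # client's reachable (outer) address
    internal_addr: str       # address assigned for the session (step 6)
    msg_id: int = 0          # last IKEv2 message ID seen, for replay checks

def establish(client_addr, internal_addr="10.0.0.23"):
    """Steps 3-6 collapsed: both ends hold the same SPI, key and addresses (constructed values)."""
    spi, key = os.urandom(8), os.urandom(32)
    return IkeSa(spi, key, client_addr, internal_addr), IkeSa(spi, key, client_addr, internal_addr)

def encapsulate(sa, payload, server_addr="203.0.113.10"):
    """Step 7: inner IP (internal address) -> ESP -> outer IP; ESP sequence numbers omitted."""
    esp = sa.spi + f"IP src={sa.internal_addr} ".encode() + payload
    esp += hmac.new(sa.key, esp, hashlib.sha256).digest()
    return {"outer_src": sa.client_addr, "outer_dst": server_addr, "esp": esp}

def mobike_update(client, new_addr):
    """Step 12: UPDATE_SA_ADDRESSES sent from the new address, integrity-protected by the SA key."""
    client.client_addr, client.msg_id = new_addr, client.msg_id + 1
    body = client.spi + client.msg_id.to_bytes(4, "big") + b"UPDATE_SA_ADDRESSES"
    return {"outer_src": new_addr, "body": body, "mac": hmac.new(client.key, body, hashlib.sha256).digest()}

def server_handle_update(sa, msg):
    """Accept only the SA's own SPI, a fresh message ID and a valid MAC; the address comes from the outer header."""
    spi, msg_id = msg["body"][:8], int.from_bytes(msg["body"][8:12], "big")
    if spi != sa.spi or msg_id <= sa.msg_id:
        return False
    if not hmac.compare_digest(hmac.new(sa.key, msg["body"], hashlib.sha256).digest(), msg["mac"]):
        return False
    sa.msg_id, sa.client_addr = msg_id, msg["outer_src"]
    return True

def simulate_roam(addr_a="198.51.100.7", addr_b="192.0.2.44"):
    """Steps 7-13: same SA and inner packet, new outer address after the move."""
    client, server = establish(addr_a)
    before = encapsulate(client, b"hello")
    update = mobike_update(client, addr_b)                      # steps 8-12
    accepted = server_handle_update(server, update)             # step 13
    forged = {"outer_src": "203.0.113.99", "mac": os.urandom(32),   # wrong key, fresh ID
              "body": server.spi + (server.msg_id + 1).to_bytes(4, "big") + b"UPDATE_SA_ADDRESSES"}
    after = encapsulate(client, b"hello")
    return {"accepted": accepted, "replay_accepted": server_handle_update(server, update),
            "forged_accepted": server_handle_update(server, forged), "server_sees": server.client_addr,
            "outer_after": after["outer_src"], "same_esp": before["esp"] == after["esp"]}
```

The replayed and the forged update are both refused while the genuine one moves the tunnel endpoint, which is why a dropped and re-acquired address never requires a new IKEv2 negotiation or user action.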

For information on how to configure VPN Reconnect on the client and server side, see the section titled "Configuring Mobility for IKEv2 Connections" later in this tutorial.

Note: Unlike other VPN tunneling protocols such as PPTP, L2TP/IPsec, and SSTP, VPN Reconnect (IKEv2) does not run a Point-to-Point Protocol (PPP)-based handshake on top of the tunnel.
