This is part of an ongoing series on my shenanigans in rolling out an Always On VPN solution.
Part 1: Always On VPN Overview
Part 2: AoVPN Architecture
The tunnel is connected, but… there’s no traffic going through it…
Here is where the fun started. After checking the firewall, Virtual WAN, routing and every other setting I could think of, I still couldn’t get data to pass through the tunnel. Since this is Always On, I couldn’t get to the internet either… So I opened a call with Microsoft, and it baffled them too. I got through to 2nd-tier support and they told me that the gateway was learning over 500 BGP routes from our ExpressRoute circuit, and IKEv2 can only carry 255. Cool… I had the ISP summarize the routes and things started flowing.
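Before asking the ISP to summarize, it helps to know how far over the limit you are and whether an exact merge of adjacent prefixes is enough. The script below is an added example (not from the original post or any Microsoft tooling): it counts a route list against the 255 limit stated above, collapses contiguous prefixes without advertising any extra address space, and, as a fallback, computes the single covering supernet and reports how many addresses that would over-advertise. The 500 sample prefixes are constructed to resemble the situation described; the route-limit constant comes from the post.

```python
"""Check an advertised route set against the IKEv2 route limit and summarize it.

Added example, not part of the original post. IKEV2_ROUTE_LIMIT is the value the
post quotes from Microsoft support; the sample route list is constructed.
"""
import ipaddress
from typing import Iterable, List

IKEV2_ROUTE_LIMIT = 255  # figure quoted in the post


def parse_prefixes(lines: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Parse one IPv4 prefix per line; blank lines and '#' comments are skipped."""
    nets = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        net = ipaddress.ip_network(line, strict=False)
        if not isinstance(net, ipaddress.IPv4Network):
            raise ValueError(f"IPv4 only in this example: {line}")
        nets.append(net)
    return nets


def fits_ikev2(nets: List[ipaddress.IPv4Network]) -> bool:
    """True when the route set would fit within the IKEv2 limit."""
    return len(nets) <= IKEV2_ROUTE_LIMIT


def exact_summary(nets: List[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge adjacent and overlapping prefixes without adding any address space."""
    return list(ipaddress.collapse_addresses(nets))


def covering_supernet(nets: List[ipaddress.IPv4Network]) -> ipaddress.IPv4Network:
    """Smallest single prefix that contains every route (may over-advertise)."""
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    # Widen the prefix starting at `lo` until it also contains `hi`; /0 always does.
    for plen in range(32, -1, -1):
        candidate = ipaddress.ip_network((lo, plen), strict=False)
        if hi in candidate:
            return candidate
    raise AssertionError("unreachable: /0 contains every address")


def over_advertised(nets: List[ipaddress.IPv4Network], supernet: ipaddress.IPv4Network) -> int:
    """Addresses the supernet would push into the tunnel that the real routes do not cover."""
    covered = sum(n.num_addresses for n in exact_summary(nets))
    return supernet.num_addresses - covered


# Constructed sample: 500 contiguous /24s, 10.0.0.0/24 through 10.1.243.0/24,
# standing in for the 500+ BGP routes the gateway was learning.
SAMPLE_ROUTES = [f"10.{i // 256}.{i % 256}.0/24" for i in range(500)]


def report(lines: Iterable[str]) -> dict:
    """Summarize a route list and return the figures a network engineer would ask for."""
    nets = parse_prefixes(lines)
    exact = exact_summary(nets)
    supernet = covering_supernet(nets)
    return {
        "learned": len(nets),
        "fits_as_is": fits_ikev2(nets),
        "exact_summary": len(exact),
        "exact_fits": fits_ikev2(exact),
        "supernet": str(supernet),
        "supernet_over_advertises": over_advertised(nets, supernet),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_ROUTES).items():
        print(f"{key:>26}: {value}")
```

Prefer the exact summary when it fits: the covering supernet is a last resort, because any address space it over-advertises gets pulled into the tunnel too, which can include ranges that were never meant to route over the VPN.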
I was then able to get Intune to automate certificate and profile deployment.
Sweet… I rolled this out and people either can’t connect or their connection keeps flapping… YAY… Ugh…
We have found while deploying this that Xfinity residential service is a pain in the rear end. Their older modems do not support IKEv2 VPN tunnels; on some models you have to put port forwarding in place; and on the newer models Comcast merges the 2.4 GHz and 5 GHz bands, which confuses the hell out of the tunnel. Once you separate the bands again, everything starts working.
Stay tuned… There’s more to come…
Newest issue is that trusted network detection doesn’t work anymore… WHHHHHHYYYYY? We will find out…