IPSEC tunnel Server-to-Server Windows 2008 R2 problems
Hi to all,
I'm trying to implement an IPsec tunnel between two Windows 2008 R2 servers.
I have two different subnets and a firewall between them.
Subnet 1: 192.168.0.0/24
Subnet 2: 172.16.0.0/24
There is full routing between the subnets and I want access between the two servers.
Server1 is located in 192.168.0.0/24 with IP 192.168.0.200
Server2 is located in 172.16.0.0/24 with IP 172.16.0.150
UDP port 500 is opened between the firewalls.
I'm using Windows 2008 R2 and configured the Windows firewall with a Server-to-Server connection and enabled IPsec tunnel in the Advanced firewall configuration.
The connection is configured with Preshared Key authentication and is working fine, but at some point it is disconnecting. I need to restart the firewall service or the Connection Security Rule to restart the tunnel. Also, sometimes with a Ping command from one side I can reestablish the tunnel.
I tried to create a scheduled task with a PING command, but the same problem appears too.
Any ideas?
October 24th, 2012 3:39am
Hi,
Thanks for your post.
Please try to disable the previous policy, and create a new one.
Right-click Connection Security Rules, and then click New Rule.
On the Rule Type page, select Server-to-server, and then click Next.
On the Endpoints page, edit Endpoint1 and Endpoint2.
On the Requirements page, select Require authentication for inbound and outbound connections, and then click Next.
On the Authentication Method page, select Advanced, and then click Customize.
Under First authentication methods, click Add.
On the Add First Authentication Methods page, select Preshared key, type XXXXXX in the text box, click OK two times, and then click Next.
In addition, please note that it is not recommended to place an IPsec server behind a NAT device.
How to configure an L2TP/IPsec server behind a NAT-T device in Windows Vista and in Windows Server 2008
http://support.microsoft.com/kb/926179
Best Regards,
Aiden Cao
TechNet Subscriber Support
October 25th, 2012 2:52am
Hi,
How are things going? I just want to check the status of the issue. If you have any update or concern, please feel free to let us know.
Best Regards,
Aiden Cao
TechNet Subscriber Support
October 28th, 2012 9:49pm
Hi
This is almost the same setting that I had. The only difference is that in the Advanced section I enabled IPsec tunnel. That is because I want only UDP 500 to be opened in my firewall. In the Server-to-Server configuration the wizard is not using IPsec tunnel.
And I am not using NAT-T.
October 29th, 2012 5:42am
Hi,
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Best Regards,
Aiden Cao
TechNet Subscriber Support
November 4th, 2012 9:05pm
Hi,
What is the interval you set for the PING command? I suggest you set both servers to send a single PING every minute.
Best Regards,
Scott Xie
November 5th, 2012 1:45am
I tried to ping every minute.
Anyway, if the FW service stops, all the tunnels drop, so we abandoned that method and moved to limited RPC ports. A couple of TCP/UDP ports between the servers are working perfectly fine.
January 11th, 2013 8:21am
It seems that some IPsec timer expires. Does the tunnel drop at the same time, e.g. every 24 hr?
Johan Loos CISSP, MCT, ISO 27001 and others
February 11th, 2013 9:27am
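As an added example that is not part of this thread or of Microsoft's own guidance, the PowerShell script below ties together the setup in the original post (tunnel-mode, PSK-authenticated server-to-server rule between 192.168.0.200 and 172.16.0.150), Scott's suggestion of periodic trigger traffic from both sides, and Johan's point about IPsec timers. It is meant to run from a scheduled task on both servers; Windows Server 2008 R2 has no NetSecurity cmdlets, so everything goes through netsh. The addresses are the thread's; the rule name, log path and PSK string are placeholders, and the regular expressions that read the netsh output are an assumption about that output's labels. Before attributing drops to a timer, the check a practitioner would make first is that the firewall passes ESP (IP protocol 50) in addition to UDP 500, since a tunnel negotiated over UDP 500 carries its traffic in ESP, and UDP 4500 as well if NAT-T were ever in play.

```powershell
# Added example, not from the thread: a watchdog for the server-to-server
# IPsec tunnel described above, run from a scheduled task on BOTH servers.
# Addresses are the thread's; rule name, log path and PSK value are placeholders.
param(
    [string]$LocalIp  = '192.168.0.200',                       # this server (Server1 in the thread)
    [string]$PeerIp   = '172.16.0.150',                        # the other server (Server2)
    [string]$RuleName = 'S2S-Tunnel-Example',                  # placeholder rule name
    [string]$LogPath  = "$env:ProgramData\ipsec-watchdog.log"  # placeholder log path
)

function Write-Log([string]$Message) {
    $line = '{0:yyyy-MM-dd HH:mm:ss} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Output $line
}

# One-time setup: the tunnel-mode, PSK-authenticated rule the thread describes.
# Needs UDP 500 (IKE) AND IP protocol 50 (ESP) to pass between the two hosts.
# PSK is used only because the thread uses it; certificate authentication is preferable.
function New-TunnelRule {
    netsh advfirewall consec add rule name="$RuleName" `
        endpoint1=$LocalIp endpoint2=$PeerIp `
        action=requireinrequireout mode=tunnel `
        localtunnelendpoint=$LocalIp remotetunnelendpoint=$PeerIp `
        auth1=computerpsk auth1psk="REPLACE-WITH-A-LONG-RANDOM-PSK"
}

# Is a main mode (IKE) security association with the peer currently in place?
function Test-MainModeSA([string]$Peer) {
    $out = netsh advfirewall monitor show mmsa | Out-String
    return ($out -match [regex]::Escape($Peer))
}

# The timers Johan refers to: main mode key lifetime and the SA idle timeout.
# Label names are an assumption about the 2008 R2 'show global' output.
function Get-IpsecTimers {
    $out = netsh advfirewall show global | Out-String
    $t = @{}
    if ($out -match 'SAIdleTimeMin\s+(\d+)')    { $t['SAIdleTimeMin'] = [int]$Matches[1] }
    if ($out -match 'KeyLifetime\s+([^\r\n]+)')  { $t['MainModeKeyLifetime'] = $Matches[1].Trim() }
    return $t
}

# Traffic matching the rule is what makes IKE negotiate; the first ping is
# normally lost while the SA is being set up, hence two.
function Invoke-TunnelTrigger([string]$Peer) {
    $replies = Test-Connection -ComputerName $Peer -Count 2 -ErrorAction SilentlyContinue
    return [bool]$replies
}

# --- watchdog run ---
$timers  = Get-IpsecTimers
$summary = ($timers.Keys | ForEach-Object { "$_=$($timers[$_])" }) -join ', '
Write-Log "Timers: $summary"

if (Test-MainModeSA $PeerIp) {
    Write-Log "Main mode SA with $PeerIp present; nothing to do"
} else {
    Write-Log "No main mode SA with $PeerIp; sending trigger traffic"
    $pingOk = Invoke-TunnelTrigger $PeerIp
    Start-Sleep -Seconds 5
    if (Test-MainModeSA $PeerIp) {
        Write-Log "SA re-established (ping replied: $pingOk)"
    } else {
        # Last resort, narrower than the thread's firewall-service restart:
        # bounce only this rule so other tunnels and firewall rules stay up.
        Write-Log "Still no SA; re-enabling rule '$RuleName'"
        netsh advfirewall consec set rule name="$RuleName" new enable=no  | Out-Null
        netsh advfirewall consec set rule name="$RuleName" new enable=yes | Out-Null
    }
}
```

Run New-TunnelRule once by hand on each server (swapping the two addresses on Server2), then schedule the script itself at the one-minute interval Scott suggests. The log it writes, with the main mode key lifetime and idle timeout next to each drop, is what lets you confirm or rule out the fixed-interval expiry Johan asks about, and toggling only the affected rule avoids the side effect the original poster hit, where restarting the firewall service drops every tunnel on the host.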