How to fix Virtual Network Gateway, idling even when the tunnel is busy

Question

How to fix Virtual Network Gateway, idling even when the tunnel is busy

Randolph Singson 0

IPSec VPN connection Consistently dropping even when there are traffic

Randolph Singson 0 Reputation points

2025-06-03T00:05:11.52+00:00

To provide more context, I have created a Virtual Network Gateway to establish an IPsec VPN connection for managing the on-premises NAS server. What I noticed is that, even though there is a data activity, Azure AD loses its connection. Please assist on how I can establish a solid and steady tunnel connection so that we don't lose Connectivity on the map drives
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-03T01:56:13.9566667+00:00
Hello Randolph Singson

I understand that you're facing trouble with your IPSec VPN connection dropping even when there’s ongoing traffic. Here are a few steps you can take to troubleshoot and improve the stability of your virtual network gateway:

Make sure you’re using a validated VPN device and the right operating system version. Some devices may have compatibility issues that cause frequent disconnects.

Look for any user-defined routing (UDR) or network security groups (NSGs) that might be affecting traffic flow on the gateway subnet. Sometimes these settings can inadvertently restrict or impact traffic.

Ensure that the Security Association (SA) lifetime settings match between Azure and on-premises device. Mismatched SA settings can cause frequent rekeying, leading to disconnects.

Check that the external IP address of your VPN device is correctly set. It should not be behind a network address translation (NAT) or firewall that's blocking access.

If you're on-premises VPN device has the perfect forward secrecy feature enabled, try disabling it as it can lead to disconnections.

You can check Azure VPN Gateway logs to diagnose why your IPSec VPN connection is dropping despite active traffic.

Refer https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-disconnected-intermittently
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot

Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-04T10:08:01.9033333+00:00

Hello Randolph Singson

Following up to see if the above information was helpful. And, if you have any further query do let us know.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-05T08:45:50.05+00:00

Hello Randolph Singson

Following up to see if the above information was helpful. And, if you have any further query do let us know.

1 answer

Your answer

Randolph Singson 0 Reputation points

2025-06-03T00:05:11.52+00:00

To provide more context, I have created a Virtual Network Gateway to establish an IPsec VPN connection for managing the on-premises NAS server. What I noticed is that, even though there is a data activity, Azure AD loses its connection. Please assist on how I can establish a solid and steady tunnel connection so that we don't lose Connectivity on the map drives
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-03T01:56:13.9566667+00:00

Hello Randolph Singson

I understand that you're facing trouble with your IPSec VPN connection dropping even when there’s ongoing traffic. Here are a few steps you can take to troubleshoot and improve the stability of your virtual network gateway:

Make sure you’re using a validated VPN device and the right operating system version. Some devices may have compatibility issues that cause frequent disconnects.

Look for any user-defined routing (UDR) or network security groups (NSGs) that might be affecting traffic flow on the gateway subnet. Sometimes these settings can inadvertently restrict or impact traffic.

Ensure that the Security Association (SA) lifetime settings match between Azure and on-premises device. Mismatched SA settings can cause frequent rekeying, leading to disconnects.

Check that the external IP address of your VPN device is correctly set. It should not be behind a network address translation (NAT) or firewall that's blocking access.

If you're on-premises VPN device has the perfect forward secrecy feature enabled, try disabling it as it can lead to disconnections.

You can check Azure VPN Gateway logs to diagnose why your IPSec VPN connection is dropping despite active traffic.

Refer https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-disconnected-intermittently
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot

Please do consider to “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-04T10:08:01.9033333+00:00

Hello Randolph Singson

Following up to see if the above information was helpful. And, if you have any further query do let us know.
Sindhuja Dasari 1,520 Reputation points Microsoft External Staff Moderator

2025-06-05T08:45:50.05+00:00

Hello Randolph Singson

Following up to see if the above information was helpful. And, if you have any further query do let us know.

Answer 1

hi Randolph! thanks for throwing this question out there )) dealing with vpn drops when u need those mapped drives to stay alive is a total pain, right?

the idle timeout thing is a classic azure vpn gateway quirk. even if there’s traffic, sometimes it acts like it’s napping )) the fix? u gotta tweak the keepalive settings. on ur on prem vpn device, set the dead peer detection (DPD) to aggressive mode and crank up the keepalive interval to like 10-30 seconds. azure’s side is less flexible, but this’ll poke the tunnel awake. azure vpn gateway about DPD.

next, check ur security associations (SAs). if they’re flaky, the tunnel drops. make sure ur on prem device matches azure’s phase 1 and phase 2 settings exactly. ikev2 is way more stable than ikev1, so switch if u can. azure vpn gateway crypto requirements.

and azure’s vpn gateways sometimes throttle connections under heavy load. if ur pushing big files or tons of small packets, the tunnel might choke. try bumping up the gateway sku to something beefier like VpnGw2 or higher. more power, fewer drops ))

enable BGP if u haven’t. it’s like giving ur tunnel a heartbeat, keeps it alive even when traffic’s light. azure loves BGP for vpn stability: azure vpn gateway BGP.

hope this helps! if ur still stuck, hit me with more deets
Best regards,

Alex

and "yes" if you would follow me at Q&A - personaly thx.
P.S. If my answer help to you, please Accept my answer
PPS That is my Answer and not a Comment

https://ctrlaltdel.blog/

Share via

How to fix Virtual Network Gateway, idling even when the tunnel is busy

1 answer

Your answer