Issue
You have configured a Point-to-Site VPN on the Azure Gateway
The Azure Gateway also has Site-to-Site Connections using BGP or Static Routes
The Point-to-Site is configured for SSTP and IKEv2
You connect with the VPN client and notice that only SSTP is used; when you manually select IKEv2, the client fails with the following error:
“Error processing ID payload”
Resolution 1
First check how many routes are being published on the VPN
- Select an Azure VM > Select Network > Select Network Card > Select Effective Routes
- Count the number of Routes
If you have more than 25 routes (published on the VPN) you will need to reduce them by summarizing (aggregating) the prefixes so that fewer than 25 routes are advertised.
The Windows VPN client built into Windows 10 (1607 and above) doesn’t support more than 25 routes, hence this fails.
If you are not able to limit these routes you will need to use SSTP.
NB: SSTP only allows 128 concurrent connections.
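The route check above can be scripted instead of clicked through in the portal. The following is an added example, not code from the original article or from Microsoft: it uses the Az.Network cmdlet Get-AzEffectiveRouteTable (the scripted equivalent of Network > Network Card > Effective Routes), counts the active routes against the 25-route limit stated above, and lists the gateway-learned prefixes that are the usual candidates for summarization. The resource group and NIC names are placeholders that must be replaced with your own.

```powershell
# Added example (not part of the original article). Requires the Az.Network module and a
# signed-in session: Install-Module Az.Network; Connect-AzAccount
$resourceGroup = 'RG-PLACEHOLDER'    # placeholder: your VM's resource group
$nicName       = 'NIC-PLACEHOLDER'   # placeholder: the VM's network interface name
$maxRoutes     = 25                  # limit of the built-in Windows 10 VPN client (from the article)

# Effective routes as seen by the NIC: VNet defaults, user-defined routes and the
# routes learned from the virtual network gateway (Site-to-Site static/BGP routes).
$routes = Get-AzEffectiveRouteTable -ResourceGroupName $resourceGroup -NetworkInterfaceName $nicName
$active = $routes | Where-Object { $_.State -eq 'Active' }

# Breakdown by source makes it obvious which category is pushing the total over the limit.
$active | Group-Object Source | ForEach-Object { '{0,-24} {1,3}' -f $_.Name, $_.Count }

$total = $active.Count
if ($total -gt $maxRoutes) {
    Write-Warning ("{0} active routes exceed the {1}-route limit of the Windows IKEv2 client; " +
                   "summarize the prefixes below or fall back to SSTP.") -f $total, $maxRoutes
} else {
    Write-Host "$total active routes: within the $maxRoutes-route limit."
}

# Gateway-learned prefixes are the ones that grow with each Site-to-Site/BGP route, so
# these are the first candidates for aggregation into larger summary prefixes.
$active |
    Where-Object { $_.Source -eq 'VirtualNetworkGateway' } |
    ForEach-Object { '{0,-20} via {1}' -f ($_.AddressPrefix -join ','), $_.NextHopType }
```

AddressPrefix is a list on each effective-route object, which is why it is joined before printing. Run the script from a workstation that has reader rights on the VM's network interface; it only reads state and changes nothing in Azure.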
Resolution 2
If you are running Windows 10 builds 1607-1709, update to the latest Windows 10 build or apply the following changes/fixes:
Install the update.
OS version | Date | Number/Link
Windows Server 2016 / Windows 10 Version 1607 | January 17, 2018 |
Windows 10 Version 1703 | January 17, 2018 |
Windows 10 Version 1709 | March 22, 2018 |
Set the registry key value. Create or set the “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\IKEv2\DisableCertReqPayload” REG_DWORD value in the registry to 1.
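The registry change can be applied consistently across clients with the script below. It is an added example, not code from the original article or from Microsoft; it assumes an elevated PowerShell session (writes under HKLM need administrator rights) and uses the ReleaseId value under HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion to confirm the client is actually on a 1607-1709 build before touching RasMan. The IKEv2 subkey and DisableCertReqPayload value are the ones named in the article.

```powershell
# Added example (not part of the original article). Run from an elevated PowerShell prompt.
$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\IKEv2'
$valueName = 'DisableCertReqPayload'

# ReleaseId holds the Windows 10 feature-update number (1607, 1703, 1709, ...). It is absent
# on builds older than 1511, which [int] turns into 0 and sends to the "else" branch.
$release = [int](Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -ErrorAction SilentlyContinue).ReleaseId
Write-Host "Windows 10 release: $release"

if ($release -ge 1607 -and $release -le 1709) {
    # The IKEv2 subkey usually does not exist yet; create it before writing the value.
    if (-not (Test-Path $keyPath)) {
        New-Item -Path $keyPath -Force | Out-Null
    }
    # -Force creates the REG_DWORD if missing or overwrites it if already present.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

    # Read it back so the script reports what is actually in the registry, not what was intended.
    $current = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
    if ($current -eq 1) {
        Write-Host "$valueName set to 1 under $keyPath"
    } else {
        Write-Warning "$valueName reads back as '$current'; the change was not applied."
    }
} elseif ($release -lt 1607) {
    Write-Host "Release $release is below 1607: update Windows 10 (Resolution 3)."
} else {
    Write-Host "Release $release is newer than 1709: the fix is already included; check the route count (Resolution 1)."
}
```

The script only writes when the build is within the affected range, so it is safe to run as part of a general client-provisioning step. Restart the RemoteAccess/RasMan service or reboot afterwards so the VPN client picks up the new value.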
Resolution 3
If you are running Windows 10 builds below 1607, you will need to update to the latest Windows 10 build.