IKEv2 connection with Windows 11 native client

Seabob

Dear Community,
I tried several settings derived from several articles in this forum, but nothing worked.
In the end, this is the state:
I created a dial-in connection for IKEv2-Clients using the wizard built into our ATP500.
Whenever I try to connect, I receive "server not responding".
Using the same setup to establish a L2TP-connection works fine, so we can widely exclude firewalls blocking IKE, I guess.
Any ideas?

PeterUK

It would help to see the settings but really the wizard should of made this easy and work.

when you receive "server not responding" do you know if it connecting to your WAN IP?

Do you have other IKEv2 tunnels? 

Zyxel_Tina

Hi @Seabob,

To further investigate the issue, could you please help check the following:

• First, confirm whether your firewall is deployed behind NAT. If yes, please verify that the uplink device has the required ports correctly forwarded (e.g., UDP 500 and UDP 4500 for IKEv2)
• The detailed configuration of your IKEv2 VPN settings
• If possible, please try to establish the VPN connection again and check whether there are any related error messages or log entries on the firewall at the time of failure. If so, kindly share them with us for further analysis

If any of the information contains sensitive data, please feel free to share it via private message.

MikeForshock

Depending on the levels of Phase 1 & 2 , you may need to do some PowerShell work to make the Windows client match the security requirements.

Seabob

Thanks for your thoughts and I apologize for my silence, but in the meantime I tried to resolve the problem by opening a support-ticket. The result of the ticket and tweaking wizard-generated scripts is:
one site (Vienna) works fine now, but in our site BSU the IKE-Client gets connected to the wrong tunnel, which fails, of course. "Set SplitTunneling=false" didn't help.

Maybe, we pick this issues up from here.