- There are connectivity issues from HNV-enabled virtual machines to Azure resources over S2S VPN through the NVGRE gateway.
- The VPN S2S tunnel from the NVGRE gateway remains connected, but no data passes through the connection.
- A mismatch between settings for Perfect Forward Secrecy (PFS) causes the security association rekeying to fail for the IKEv2 connection.
- The VMM default setting for PFS is PFS2048. However, the Azure VPN requirement is for PFS to be disabled.
```
IntegrityCheckMethod = SHA1
CipherTransformConstants = AES256
AuthenticationTransformConstants = SHA196
PFSGroup = PFS2048
DHGroup = Group2
Protocol = IKEv2
```
- Open the VPN advanced properties on the VMM VPN.
- Click VM network > Properties > VPN Connections, and then click the Advanced tab.
- Set PFS to None.
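
To confirm the mismatch on the gateway itself, before or after changing the VMM setting, the following read-only PowerShell check can be used. It is an added example, not part of the original article or of VMM. It assumes the RemoteAccess module's `Get-VpnS2SInterface` cmdlet is available on the NVGRE gateway VM and returns `Protocol`, `PfsGroup` and `ConnectionState` for each interface; `Test-S2SPfsPolicy` is a hypothetical helper name.

```powershell
# Added example: read-only check, run elevated on the NVGRE gateway VM.
# Assumption: Get-VpnS2SInterface (RemoteAccess module) exposes the custom
# IPsec policy fields Protocol, PfsGroup and ConnectionState per interface.
Import-Module RemoteAccess

$requiredPfs = 'None'   # per the article: Azure requires PFS to be disabled

function Test-S2SPfsPolicy {
    param([Parameter(ValueFromPipeline = $true)] $Interface)
    process {
        $pfs = [string]$Interface.PfsGroup
        if ($Interface.Protocol -ne 'IKEv2') {
            $status = 'NotIKEv2'          # the article covers IKEv2 only
        } elseif ([string]::IsNullOrEmpty($pfs)) {
            $status = 'NoCustomPolicy'    # nothing reported, review manually
        } elseif ($pfs -eq $requiredPfs) {
            $status = 'OK'
        } else {
            $status = 'PfsMismatch'       # for example PFS2048, the VMM default
        }
        [pscustomobject]@{
            RoutingDomain   = $Interface.RoutingDomain
            Name            = $Interface.Name
            ConnectionState = $Interface.ConnectionState
            PfsGroup        = $pfs
            Status          = $status
        }
    }
}

$results = Get-VpnS2SInterface | Test-S2SPfsPolicy
$results | Format-Table -AutoSize

# The tunnel can still show as connected while rekeying fails,
# so filter on Status rather than on ConnectionState.
$results | Where-Object Status -eq 'PfsMismatch'
```

The script only reads the gateway configuration. The change itself is still made in the VMM VPN connection properties as described in the steps above.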
For information about the requirements for VPN policies connecting to Azure, go to the following MSDN website: