Azure s2s vpn disconnecting

What option should I use to make sure the tunnel doesn’t go down and to keep vpn connection operating?

Initiate traffic over the tunnel, like a ping every 5 minutes, for example.

If there’s a constant flow of traffic and it keeps disconnecting, you can try restarting the virtual network gateway.

Another gotcha is the MTU on the other side not matching the requirements of the virtual network gateway.

Is this Azure network to Azure network? Or to an on-prem network?

I see the logic behind this tip, but alas, it’s not a solution, at best a band-aid.

The S2S tunnel is self-maintaining. So if the connection drops periodically, there is something wrong somewhere.

Here are some good tips to troubleshoot a S2S issue: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-disconnected-intermittently

Would you have a VM sit on the subnet and do that, or what would you use?

Thanks for providing some extra insight. I should have probably led with the fact that I made the assumption OP already checked all these things. The solutions I offered are the types of things that are exactly what you said, a band-aid.

It can be anything you have in the encryption domain on the Azure side. So, yeah, a VM would work fine.

I’ve only done Azure → on premise (so far). I had issues with (Internet BGP) routing-changes dropping the tunnel and we had to initiate from the azure side; I don’t have any idea if that would help you.

It might. How did you initiate from the Azure side?

The connector properties in Azure are configured like this:

Azure private IP - no

BGP - no

IPsec / IKE - default

Policy Based - Disable

DPD timeout - 60 seconds

Connection mode: Default

Use Custom Traffic: Disabled

The connection mode seems to be the key - and shortening the DPD may improve recovery of the tunnel.

I was attempting to route this tunnel to a Fortigate and the IP we were using was not a direct-hardware interface, so the FG had to initiate the tunnel.

I am connecting from a FortiGate to Azure with the same config on the Azure side… still there are disconnects. Not sure how to fix.

Did you ever manage to find a solution? We are currently having this issue for 1 out of 12 branches between Azure VNG and fortigates.

For me it was a bandwidth issue; the disconnects were nonexistent when I put a bandwidth limit on the FortiGate.

Thanks for your reply! I’m afraid that we have a different issue then. Our disconnect interval is exactly 7 hours and 5 minutes (phase 1 28800 seconds and phase 2 27000 seconds)