Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

VPN devices do not establish IPsec site-to-site VPN tunnels for a cross-premises network in Windows Server 2012 R2



Symptoms

This problem occurs when you configure the following:
  • You use Routing and Remote Access Service (RRAS) to set up Internet Key Exchange version 2 (IKEv2) protocol-based site-to-site tunnels for cross-premises network connection in Windows Server 2012 R2.
  • You have UDP port 4500 blocked.



Cause

This problem occurs because UDP port 4500 is required even though Mobility and Multihoming Protocol (MOBIKE) and NAT traversal (NAT-T) are disabled.

Note: UDP port 4500 is used only by MOBIKE and NAT-T. Therefore, UDP port 4500 should not be involved in IPsec site-to-site VPN connections.
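
The following is an added example, not part of the original Microsoft article: a PowerShell check that lists the enabled Windows Firewall rules on the RRAS server that match the IKEv2 UDP ports, so a rule blocking UDP 4500 can be found. Including UDP 500 (the standard IKE port) and the helper name Test-PortInFilter are choices made for this example.

```powershell
# Added example: list enabled Windows Firewall rules that match the IKEv2 UDP ports.
# UDP 500 is the standard IKE port; UDP 4500 is the port this article says must be reachable.
$ikePorts = 500, 4500

# Hypothetical helper: does a rule's port filter admit the given port?
function Test-PortInFilter {
    param([string[]]$FilterPorts, [int]$Port)
    foreach ($entry in $FilterPorts) {
        if ($entry -eq 'Any' -or $entry -eq "$Port") { return $true }
        # Port filters may also hold ranges such as "4000-5000".
        if ($entry -match '^(\d+)-(\d+)$' -and $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) {
            return $true
        }
    }
    return $false
}

$hits = foreach ($rule in Get-NetFirewallRule -Enabled True) {
    $filter = $rule | Get-NetFirewallPortFilter
    if ($filter.Protocol -ne 'UDP') { continue }
    foreach ($port in $ikePorts) {
        # Only the local port is compared; the server uses 500/4500 locally in both directions.
        if (Test-PortInFilter -FilterPorts $filter.LocalPort -Port $port) {
            [pscustomobject]@{
                Port      = $port
                Direction = $rule.Direction
                Action    = $rule.Action
                Rule      = $rule.DisplayName
            }
        }
    }
}

# Block rules take precedence over allow rules, so show them first.
$hits | Sort-Object Port, @{ Expression = { "$($_.Action)" -ne 'Block' } } |
    Format-Table -AutoSize

foreach ($port in $ikePorts) {
    $blocked = @($hits | Where-Object { $_.Port -eq $port -and "$($_.Action)" -eq 'Block' })
    if ($blocked.Count -gt 0) {
        Write-Warning "UDP $port is matched by $($blocked.Count) enabled block rule(s)."
    }
}
```

This inspects only the local Windows Firewall policy; a perimeter firewall or the peer VPN device blocking UDP 4500 has to be checked separately.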



Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.



More Information

See the terminology that Microsoft uses to describe software updates.



Keywords: kbqfe, kbfix, kbsurveynew, kbexpertiseadvanced, kb


Article Info
Article ID : 3014175
Revision : 1
Created on : 1/7/2017
Published on : 1/12/2015
Exists online : False