Windows 10: IPsec SA timeout blocks new session

Environment:- Win 10 client, connected to Srv 2016 DC- IPsec enabled as basic "Connection Security Rule" through GPO with default settings- Environment has more than basic hardening, based on CIS- No network security measures Dot1x, NIDS etc are in placeProblem flow chart:1 - At client start up, IPsec transport mode is initiated with no issues and user can log on2 - When client reboots, Main mode SA is terminated but quick mode SA stays active on server3 - When user tries to logon they get errors, boiling down to that IPsec connection is not established4 - After 5 minuter timeout netsh ad

:)

 

IPSec issues. (Microsoft Domain Isolation)

We have Microsoft Domain Isolation set-up on our network. Lately, my computer doesn't allow new inbound IPSec protected connections from other computers, however it will allow them outbound.

For example:

My computer and the other computer are part of the same domain and use the same group policy and firewall settings.

Other computer IPSec connection to My computer - no connection

My computer to other computer - IPSec connection is established.

Once IPSec connection is established

Other computer connection to My computer - connection is established until my computer gets restarted.

Unportected (by IPSec) inbound connections, get established without issues.

The rest of the computers in the network do not exibit these issues.

I tried the following troubleshooting steps:

I cleared SA by using:

netsh ipsec dynamic delete sa (or delete all)

Full reset of the Windows Firewall.

Unjoin-rejoin my computer to the domain.

None of the steps have worked.

Thank you.

 

Windows IPsec Ikev2 client Rekeying default timeout

Hi!

Help me please!

Please tell me, is there a certain timeout for the connection of the IPsec client in Windows?
I have already set all the possible parameters on the server and everything has been tried, everything is turned off, the key exchange is turned off, the IPsec tunnel lifetime has been increased - but it's all useless - according to the server’s logs,
it seems that Windows itself initiates the tunnel break after 7:45 + - hours

here, by reference, someone wrote that there is some kind of default timeout IKE_SA
IPsec/IKEv2 VPN: Tips when connecting a Windows 7, Windows 8 or Windows 10 VPN Client with Rockhopper.

a question for connoisseurs, is this really so? I can’t find this information anywhere
The versions of Windows 10 are different, from 1607 LTSB, 1903, - on all versions of IPsec ikev2 breaks the same way after about 7:45 hours ..

user authentication is carried out through the AD RADIUS server on Windows server 2008 (not R2).
IPsec server - strongswan 5.8.2 at pfsense

 

How do I open up a new session in IE10?

Hi David,

Here are the steps on how to open a new session in Internet Explorer:

• Search Internet Explorer.
• Click Alt.
• Go to File.
• Then click New session.

Note: This option is only available in Internet Explorer 11.

Let us know how that turned out for you.