Merge pull request #189159 from jaidharosenblatt/ikev1-edit

PRMerger15 · web-flow · commit 9f17c53a7029 · 2022-02-22T23:28:42.000+05:30
Document IKEv1 disconnects during rekey
diff --git a/articles/vpn-gateway/vpn-gateway-about-compliance-crypto.md b/articles/vpn-gateway/vpn-gateway-about-compliance-crypto.md
@@ -17,7 +17,7 @@ This article discusses how you can configure Azure VPN gateways to satisfy your
 
 ## About IKEv1 and IKEv2 for Azure VPN connections
 
-Traditionally we allowed IKEv1 connections for Basic SKUs only and allowed IKEv2 connections for all VPN gateway SKUs other than Basic SKUs. The Basic SKUs allow only 1 connection and along with other limitations such as performance, customers using legacy devices that support only IKEv1 protocols were having limited experience. In order to enhance the experience of customers using IKEv1 protocols, we are now allowing IKEv1 connections for all of the VPN gateway SKUs, except Basic SKU. For more information, see [VPN Gateway SKUs](./vpn-gateway-about-vpn-gateway-settings.md#gwsku).
+Traditionally we allowed IKEv1 connections for Basic SKUs only and allowed IKEv2 connections for all VPN gateway SKUs other than Basic SKUs. The Basic SKUs allow only 1 connection and along with other limitations such as performance, customers using legacy devices that support only IKEv1 protocols were having limited experience. In order to enhance the experience of customers using IKEv1 protocols, we are now allowing IKEv1 connections for all of the VPN gateway SKUs, except Basic SKU. For more information, see [VPN Gateway SKUs](./vpn-gateway-about-vpn-gateway-settings.md#gwsku). Note that VPN gateways using IKEv1 might experience up [tunnel reconnects](./vpn-gateway-vpn-faq.md#why-is-my-ikev1-connection-frequently-reconnecting) during Main mode rekeys.
 
 ![Azure VPN Gateway IKEv1 and IKEv2 connections](./media/vpn-gateway-about-compliance-crypto/ikev1-ikev2-connections.png)
 
diff --git a/includes/vpn-gateway-faq-ipsecikepolicy-include.md b/includes/vpn-gateway-faq-ipsecikepolicy-include.md
@@ -130,6 +130,11 @@ No. The Basic SKU does not support this.
 
 No. Once the connection is created, IKEv1/IKEv2 protocols cannot be changed. You must delete and recreate a new connection with the desired protocol type.
 
+### Why is my IKEv1 connection frequently reconnecting?
+If your static routing or route based IKEv1 connection is disconnecting at routine intervals, it is likely due to VPN gateways not supporting in-place rekeys. When Main mode is getting rekeyed, your IKEv1 tunnels will disconnect and take up to 5 seconds to reconnect. Your Main mode negotiation time out value will determine the frequency of rekeys. To prevent these reconnects, you can switch to using IKEv2, which supports in-place rekeys.
+
+If your connection is reconnecting at random times, follow our [troubleshooting guide](../articles/vpn-gateway/vpn-gateway-troubleshoot-site-to-site-disconnected-intermittently.md). 
+
 ### Where can I find more configuration information for IPsec?
 
 See [Configure IPsec/IKE policy for S2S or VNet-to-VNet connections](../articles/vpn-gateway/vpn-gateway-ipsecikepolicy-rm-powershell.md).
