Hi,
We are experiencing an issue which I have already read about on these forums, but no answer was suggested.
We have a site-to-site static routing VPN (classic VPN, not ARM) attempting to connect to a remote Cisco ASA 5555 (a supported VPN device).
Other posts are here:
https://social.msdn.microsoft.com/Forums/onedrive/en-US/4092a180-b205-4a64-97bc-fde05e60d3cb/site-to-site-vpn-failure-traffic-only-allowed-one-way?forum=WAVirtualMachinesVirtualNetwork
https://social.msdn.microsoft.com/Forums/azure/en-US/5f9a52f6-29b7-4324-a50e-1acf2d5a2062/unable-to-connect-to-gateway-for-azure-using-cisco-asa-5520-but-ok-from-onpremise-to-azure?forum=WAVirtualMachinesVirtualNetwork
The "local" network can successfully connect the tunnel to Azure, at which point the portal shows the VPN as connected, and we can access resources on the local network from our machines inside Azure.
But if we disconnect this (our use-case will not be the local network initiating the connection), then Azure is unable to initiate the connection to the Cisco side.
Inside the VNet diagnostics file I see the following entries just before the connection fails:
[0]xxxx.xxxx::01/28/2016-03:51:23.171 [ikeext] 4|xxx.xxx.xxx.xxx|Processing LIFETIME change QM Notify
[0]xxxx.xxxx01/28/2016-03:51:23.171 [user] |xxx.xxx.xxx.xxx|IkeProcessLifetimeNotify failed with Windows error 13840(ERROR_IPSEC_IKE_PROCESS_ERR_NOTIFY)
Can anyone shed light on what LIFETIME change QM Notify is, if it's a setting inside Cisco, or maybe link to any resources that might help?
Thanks in advance,
Graeme