I have followed a number of different blogs to configure a site-to-site VPN with Azure. When the demand dial connection starts, the following occurs:
Message 1:
CoId={28E6AE60-C778-4DE0-AE36-0046FA39B40B}: The user SYSTEM has started dialing a VPN connection using a all-user connection profile named x.x.x.x. The connection settings are:
Dial-in User =
VpnStrategy = IKEv2
DataEncryption = Require
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = PreShareKey
Ipv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = No
UseFlags = Private Connection
ConnectOnWinlogon = No
Mobility enabled for IKEv2 = No.
Message 2:
CoId={28E6AE60-C778-4DE0-AE36-0046FA39B40B}: The user SYSTEM is trying to establish a link to the Remote Access Server for the connection named x.x.x.x using the following device:
Server address/Phone Number = x.x.x.x
Device = WAN Miniport (IKEv2)
Port = VPN2-4
MediaType = VPN.
Message 3:
CoId={28E6AE60-C778-4DE0-AE36-0046FA39B40B}: The user SYSTEM has successfully established a link to the Remote Access Server using the following device:
Server address/Phone Number = x.x.x.x
Device = WAN Miniport (IKEv2)
Port = VPN2-4
MediaType = VPN.
Message 4:
CoId={28E6AE60-C778-4DE0-AE36-0046FA39B40B}: The link to the Remote Access Server has been established by user SYSTEM.
Message 5 (Error):
CoId={28E6AE60-C778-4DE0-AE36-0046FA39B40B}: The user SYSTEM dialed a connection named x.x.x.x which has failed. The error code returned on failure is 13801.
My ISP has confirmed there is no NAT and the firewall is wide open right now (hardware and software).
I have tried a self-signed key with EKUs of Server Authentication and IP Security IKE Intermediate.
I've seen others have this problem but no solution. Anyone have any ideas?