With the help of Cisco we finally managed to get the IPsec tunnel between our corporate office and Azure up and running. Traffic is routing bidirectionally between nodes behind the VPN nodes. We can ping for hours on end. If we stop the ping and the circuit goes idle, the VPN will drop. After that, ping all you want from the Azure side (8000 retries in my case), the tunnel will not come back up. If we initiate the tunnel from our corporate office it's back up in under 60 seconds.
So, the question is, why? Cisco said something about NAT on the Azure side, and the new web admin has zero settings for anything other than a simple point-and-click setup. No timeout settings, no keepalive, etc.
What are we missing?
Using the classic, our tunnel works fine (different network segment entirely), but since we can only use that VPN for classic nodes, we're kind of stuck.
Thoughts?