Azure Route Based VPN & Idle drop-outs

 

 

Azure Policy based VPN's experience idle drop-outs. An alternative is route-based VPN method.

More detail on route-based VPN is in article below

http://packetlife.net/blog/2011/aug/17/policy-based-vs-route-based-vpns-part-2/

In this situation the only way to truly find out is by creating a route based VPN and testing it to see if there are any drop outs.

Route-based VPNs are always on

The SAs for a route-based VPN are always maintained, so long as the corresponding tunnel interface is up. This is in contrast to a policy-based VPN, which forms SAs in response to detecting traffic which matches the policy (and will eventually tear down the SAs in the absence of such traffic). This can be seen as a benefit of policy-based VPNs if your VPN experiences infrequent traffic load, but personally I prefer to have my crypto tunnels up all the time to avoid IKE negotiation delay.