Tema: L2TP/IPSec VPN server na Win 2k3 iza NAT-a Mikrotik routera
View Single Post
Staro 24.08.2007., 19:27   #2
daigu
Premium
 
Datum registracije: May 2006
Lokacija: Crikvenica
Postovi: 143
Citiraj:
Autor beroland Pregled postova
Možda zvući malo mazohistički i nepotrebno to raditi za kućni LAN, ali često mi treba neki fajlić koji mi je doma na kompu i znate one "Marfijeve" :-) zakone baš tog fajla tada nemam na lapu. Volio bih da mogu sigurno onda VPN-om na komp po to što mi treba.
A da ne pretjeravaš malo po pitanju sigurnosti? Ajde da se radi o tvrtki gdje preko VPN-a radi 300 korisnika istovremeno na nekim novčanima transakcijama.


Citiraj:
Autor beroland Pregled postova
Da li netko ima kakv hint i da li možda ima neka caka da treba nekako odobriti NAT-T sposobnost u Win 2k3 ili je to po defaultu omogućeno?
Biti će da je prije promijenjeno ponašanje IPsec NAT traversal-a na Windows XP, poslije SP2. Što će reć da je možda problem sa klijentske strane. MS preporuča malo črčkanja po registry-ju.

http://support.microsoft.com/kb/885407/ kaže:

To allow an IPsec NAT-T initiator to connect to a responder that is located behind a NAT, you must create and set the AssumeUDPEncapsulationContextOnSendRule registry value on the initiator.

Note Before you configure this registry value, we recommend that you contact your network administrator or read your corporate security policy.

To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:
1.Click Start, click Run, type regedit, and then click OK.
2.Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec




3.On the Edit menu, point to New, and then click DWORD Value.
4.In the New Value #1 box, type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.

Important This value name is case sensitive.



5.Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
6.In the Value data box, type one of the following values:
0 (default)
A value of 0 (zero) configures Windows XP SP2 so that it cannot initiate IPsec-secured communications with responders that are located behind network address translators.



1
A value of 1 configures Windows XP SP2 so that it can initiate IPsec-secured communications with responders that are located behind network address translators.



2
A value of 2 configures Windows XP SP2 so that it can initiate IPsec-secured communications when both the initiators and the responders are behind network address translators.

Note This is the behavior of IPsec NAT-T in Windows XP without service packs installed and in Windows XP SP1.



7.Click OK, and then quit Registry Editor.
8.
Restart the computer.



Znači tebi treba 1 ili 2, ovisno o tome kako se spajaš na net sa lap-om.

Zadnje izmijenjeno od: daigu. 24.08.2007. u 19:39.
daigu je offline   Reply With Quote