Baza znanja:
Synology vzpostavitev L2TP/IPSEC VPN povezave
Posted by MatjažS Admin, Nazadnje spremenjeno s strani MatjažS Admin on 25 September 2013 11:25 AM

Synology vzpostavitev L2TP/IPSEC VPN povezave

 

Z zadnjo verzijo DSM je Synology v svoje produkte vključil tudi L2TP/IPSEC in VPN strežnik.

Novost je dobrodošla, saj imajo Microsoftovi operacijski sistemi klijenta vključenega že v operacijski sistem.

Konfiguracija je obširno napisana že v Synology pomoči (Help).

V slučaju, ko je NAS strežnik postavljen za usmerjevalnikom (router), zaradi česar je v uporabi NAT (network address translation), pa je potrebno na Windows 7 in Windows 2008 dodatno konfigurirati klijente po spodnjem postopku:


Windows 7/2008 Error 809, L2TP VPN

 
 

By default, Windows 7 and the Windows Server 2008 operating system do not support Internet Protocol security (IPsec) network address translation (NAT) Traversal (NAT-T) security associations to servers that are located behind a NAT device. Therefore, if the virtual private network (VPN) server is behind a NAT device, a Windows 7-based VPN client computer or a Windows Server 2008-based VPN client computer cannot make a Layer Two Tunneling Protocol (L2TP)/IPsec connection to the VPN server. This scenario includes VPN servers that are running Windows Server 2008, Windows Server 2008 R2 and Microsoft Windows Server 2003.

Because of the way in which NAT devices translate network traffic, you may experience unexpected results when you put a server behind a NAT device and then use an IPsec NAT-T environment. Therefore, if you must have IPsec for communication, it is recommended that you use public IP addresses for all servers that you can connect to from the Internet. However, if you have to put a server behind a NAT device and then use an IPsec NAT-T environment, you can enable communication by changing a registry value on the VPN client computer and the VPN server.

To create and configure the

AssumeUDPEncapsulationContextOnSendRule

registry value, follow these steps:

  1. Log on to the Windows 7 client computer as a user who is a member of the Administrators group.
  2. Click Start, point to All Programs, click Accessories, click Run, type regedit, and then click OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, click Continue.
  3. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
  4. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
  5. Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
  6. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
  7. In the Value Data box, type one of the following values:
    1. 0
      A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
    2. 1
      A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
    3. 2
      A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
  8. Click OK, and then exit Registry Editor.
  9. Restart the computer.

http://support.microsoft.com/kb/926179


 

Originalni članek se nahaja na spodnji strani:
http://vkelk.wordpress.com/2012/10/28/windows-72008-error-809-l2tp-vpn/

(0 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako servis.xenon-forte.si/index.php?