XP SP2 kills VPN over L2TP with IPsec behind a NAT-t router

oj

If you install SP2 on a computer that needs to access an L2TP IPsec VPN
behind a router using NAT-T, then you will no longer be able to access it,
even if you disable all firewalls etc.

http://support.microsoft.com/default.aspx?scid=kb;en-us;818043 gave a fix to
enhance L2TP to use NAT-T for Windows XP SP1, but this fix appears not to be
in SP2 and you cannot install the fix post SP2 as it says it is only for SP1.
- removing SP2 fixes it!!!!!

Anyone else come across this? Anyone from MS want to comment?

OJ
 
TD

The fix to this problem is discussed here
http://zdnet.com.com/2100-1105-5321783.html

Basically, Microsoft considers L2TP/IPSEC via NAT insecure. So
they've added a key and made it default to killing the functionality
of the SP1 NAT-T patch. And they don't give you any place to modify
this key value. So you have to import it by hand. And you MUST
reboot after installing this key.

Here's the regedit patch.
-------------------------

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
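
Since this value re-enables behaviour Microsoft turned off by default for security reasons, it is worth knowing which machines carry it. The following is an added example, not part of the thread: a small Python check that parses decoded `.reg` export text and reports the setting. The function names and the sample text are constructed for illustration; the meanings of 0, 1 and 2 come from Microsoft's documentation of the value, not from the posts above.

```python
import re

# Key path and value name exactly as given in the post above.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec"
VALUE = "AssumeUDPEncapsulationContextOnSendRule"
# Meanings from Microsoft's documentation of this value (not from the thread).
MEANING = {
    0: "default: no NAT-T associations with servers behind NAT",
    1: "NAT-T allowed when the server is behind NAT",
    2: "NAT-T allowed when both server and client are behind NAT",
}
SECTION = re.compile(r"^\[(-?)(.+)\]$")
ENTRY = re.compile(r'^"([^"]+)"\s*=\s*(-|dword:([0-9a-fA-F]{1,8}))$')

# Constructed sample: the patch from the post, as decoded .reg text.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec]
"AssumeUDPEncapsulationContextOnSendRule"=dword:00000002
'''

def parse_reg_dwords(text):
    """Map lower-cased key path -> {lower-cased value name: int} for dwords."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        section = SECTION.match(line)
        if section:
            path = section.group(2).lower()
            if section.group(1):           # "[-KEY]" deletes the whole key
                keys.pop(path, None)
                current = None
            else:
                current = keys.setdefault(path, {})
            continue
        entry = ENTRY.match(line)
        if entry and current is not None:
            name = entry.group(1).lower()
            if entry.group(2) == "-":      # '"name"=-' deletes the value
                current.pop(name, None)
            else:
                current[name] = int(entry.group(3), 16)
    return keys

def audit_nat_t(text):
    """Return (value, meaning); a missing value behaves as the default 0."""
    value = parse_reg_dwords(text).get(KEY.lower(), {}).get(VALUE.lower(), 0)
    return value, MEANING.get(value, "unrecognised value")

if __name__ == "__main__":
    print(audit_nat_t(SAMPLE))
```

Files exported by regedit in the "Version 5.00" format are UTF-16, so decode them to text before passing them to `audit_nat_t`.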
 
