as ligações L2TP, de Windows a servidores Windows Server não funcionam “out-of-the-box”, dadas as questões levantadas com os NAT.
Só em casos em que ambos, cliente e servidor, estão com IP publico é que funcionam.
Assim, para funcionar, nos clientes deve ser alterado o registry do posto. Seguem instruções gerais, sendo que o valor deve ser alterado para “2”. Após isto, o posto tem que ser reiniciado:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
On the Edit menu, point to New, and then click DWORD (32-bit) Value.
Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
In the Value Data box, type one of the following values:
0
A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
1
A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
2
A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
Click OK, and then exit Registry Editor.