
L2TP Over a NAT/VPN Device

By default, Windows XP SP2 no longer supports IPsec NAT-T security associations to servers that are located behind a network address translator. Therefore, if your virtual private network (VPN) server is behind a network address translator, by default, a Windows XP SP2-based VPN client cannot make an L2TP/IPsec connection to the VPN server. This scenario includes a VPN server that is running Microsoft Windows Server 2003.

This default behavior can also prevent computers that are running Windows XP SP2 from making Remote Desktop connections with L2TP/IPsec when the destination computer is located behind a network address translator.

Because of the way that network address translators translate network traffic, you may experience unexpected results when you put a server behind a network address translator and then use IPsec NAT-T. Therefore, if you require IPsec for communication, we recommend that you use public IP addresses for all servers that you can connect to directly from the Internet.

To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:

1. Click Start, click Run, type regedit, and then click OK.

2. Locate and then click the following registry subkey:


3. On the Edit menu, point to New, and then click DWORD Value.

4. In the New Value #1 box, type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.

5. Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.

6. In the Value Data box, type one of the following values:

7. Click OK, and then quit Registry Editor.

8. Restart the computer.

Posted by on June 10, 2011.

Categories: Microsoft, Network, VPN
