自从苹果在iOS 10上放弃了PPTP支持以来,我一直在对客户端设置的Windows VPN服务器进行故障排除。我们原来使用PPTP,但是我已经设置了L2TP来replace它。 尝试从Windows客户端连接时,出现错误“789:L2TP连接尝试失败,因为安全层在与远程计算机的初始协商期间遇到处理错误”。
我正在运行服务器2012 R2,但我试过这个修复: https : //support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat -t设备function于Windows的Vista的和function于Windows的服务器-2008
我也尝试重buildVPN服务器,甚至尝试使用SoftEther。
我们有一个通过静态NAT路由的专用公共IP地址,这里是ACL:
access-list outside_acl line 107 extended permit esp any host 10.35.101.1 (hitcnt=0) 0x2c3f8508 access-list outside_acl line 108 extended permit udp any host 10.35.101.1 eq 50 (hitcnt=0) 0xfc6bbb30 access-list outside_acl line 109 extended permit tcp any host 10.35.101.1 eq 500 (hitcnt=0) 0x1d987bba access-list outside_acl line 110 extended permit udp any host 10.35.101.1 eq 4500 (hitcnt=0) 0xc6623026 access-list outside_acl line 111 extended permit tcp any host 10.35.101.1 eq pptp (hitcnt=1176) 0x10485f2b access-list outside_acl line 112 extended permit udp any host 10.35.101.1 eq 1701 (hitcnt=0) 0xad20745f access-list outside_acl line 113 extended permit tcp any host 10.35.101.1 eq https (hitcnt=8000) 0x8e44edc0 access-list outside_acl line 114 extended permit tcp any host 10.35.101.1 eq www (hitcnt=7947) 0x3b12b922 access-list outside_acl line 115 extended permit tcp any host 10.35.101.1 eq 5555 (hitcnt=43) 0x10c84c51 access-list outside_acl line 116 extended permit tcp any host 10.35.101.1 eq 1194 (hitcnt=3) 0xb31b3848 access-list outside_acl line 117 extended permit tcp any host 10.35.101.1 eq 992 (hitcnt=25) 0x2a9fc74f access-list outside_acl line 118 extended permit udp any host 10.35.101.1 eq isakmp (hitcnt=356) 0x169d641a 我错过了什么吗? 任何指导将不胜感激。
PPTP仍然正常工作。
这听起来像一个垃圾回答,但你试过OpenVPN? 它与许多操作系统兼容,configuration起来非常简单。 比L2TP容易得多。