PPCGeeks Forums HTC Arrive HTC HD2 HTC Thunderbolt HTC Touch Pro 2 HTC Evo 4G HTC Evo 3D Samsung Galaxy S II Motorola Droid X Apple iPhone Blackberry
Go Back   PPCGeeks > Windows Mobile > Windows Mobile Hacks/Tweaks

Notices



Closed Thread
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 02-20-2008, 10:16 AM
ChucknDiscs's Avatar
Lurker
Offline
 
Join Date: Feb 2008
Posts: 1
Reputation: 0
ChucknDiscs is a n00b
Mentioned: 0 Post(s)
Tagged: 0 Thread(s)
NAT-T, L2TP / IPSEC VPN Issue

Our company employs a L2TP / IPSEC VPN for remote connectivity. The VPN server is behind a NAT device. Se had to do the registry edit to our laptops in order for them to VPN in to our company.

Windows XP Registry Edit:

http://support.microsoft.com/kb/818043

"Because of the way that network address translators translate network traffic, you may experience unexpected results when you put a server behind a network address translator and then use IPsec NAT-T. Therefore, if you require IPsec for communication, we recommend that you use public IP addresses for all servers that you can connect to directly from the Internet.

To create and configure the AssumeUDPEncapsulationContextOnSendRule registry value, follow these steps:

1.Click Start, click Run, type regedit, and then click OK.
2.Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\IPsec
3.On the Edit menu, point to New, and then click DWORD Value.
4.In the New Value #1 box, type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
5.Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
6.In the Value Data box, type one of the following values:
0 (default) A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind network address translators.
1 A value of 1 configures Windows so that it can establish security associations with servers that are located behind network address translators.
2 A value of 2 configures Windows so that it can establish security associations when both the server and the Windows XP SP2-based client computer are behind network address translators.
7.Click OK, and then quit Registry Editor.
8.Restart the computer"

Now I would like to enable the same VPN for our Pocket PC users with Windows Mobile 6.0 or greater. I understand WM60 can use NAT-T, they have the ability to L2TP / IPSEC VPN, they can have certificates installed. We have setup 2 devices with certificates, with the correct IP but they dont work. I beleive its because we have not done the ABOVE registry edit to the Pocket PC's. I have searched the web for 2 days looking for the solution to this and have been so far unsuccessful. I went to the same location on the Pocket PC registry and find NO IPSec under the services. I only find LDAP.

QUESTION: Has anyone found where to put the AssumeUDPEncapsulationContextOnSendRule
Dword value yet in the windows mobile 6.0 registry yet? DO I need to put it in there or is something else perhaps a-miss?

Can I just make a IPSec key under services?

Thanks!!

~Chuckn - em - Discs!

Last edited by ChucknDiscs; 02-20-2008 at 10:19 AM.
Closed Thread

  PPCGeeks > Windows Mobile > Windows Mobile Hacks/Tweaks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -4. The time now is 06:03 AM.


Powered by vBulletin® ©2000 - 2019, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.6.0
©2012 - PPCGeeks.com