自从 Apple 在 iOS 10 上放弃 PPTP 支持以来,过去几个月我一直在对在客户端上设置的 Windows VPN 服务器进行故障排除。我们最初使用的是 PPTP,但我设置了 L2TP 来替代它。尝试从 Windows 客户端连接时,出现错误“789:L2TP 连接尝试失败,因为安全层在与远程计算机进行初始协商时遇到处理错误。”
我正在运行 Server 2012 R2,但我尝试过以下修复方法:https://support.microsoft.com/en-us/help/926179/how-to-configure-an-l2tp-ipsec-server-behind-a-nat-t-device-in-windows-vista-and-in-windows-server-2008
我也尝试过重建 VPN 服务器,甚至尝试过 SoftEther。
我们有一个通过静态 NAT 路由的专用公共 IP 地址,这是 ACL:
access-list outside_acl line 107 extended permit esp any host 10.35.101.1 (hitcnt=0) 0x2c3f8508
access-list outside_acl line 108 extended permit udp any host 10.35.101.1 eq 50 (hitcnt=0) 0xfc6bbb30
access-list outside_acl line 109 extended permit tcp any host 10.35.101.1 eq 500 (hitcnt=0) 0x1d987bba
access-list outside_acl line 110 extended permit udp any host 10.35.101.1 eq 4500 (hitcnt=0) 0xc6623026
access-list outside_acl line 111 extended permit tcp any host 10.35.101.1 eq pptp (hitcnt=1176) 0x10485f2b
access-list outside_acl line 112 extended permit udp any host 10.35.101.1 eq 1701 (hitcnt=0) 0xad20745f
access-list outside_acl line 113 extended permit tcp any host 10.35.101.1 eq https (hitcnt=8000) 0x8e44edc0
access-list outside_acl line 114 extended permit tcp any host 10.35.101.1 eq www (hitcnt=7947) 0x3b12b922
access-list outside_acl line 115 extended permit tcp any host 10.35.101.1 eq 5555 (hitcnt=43) 0x10c84c51
access-list outside_acl line 116 extended permit tcp any host 10.35.101.1 eq 1194 (hitcnt=3) 0xb31b3848
access-list outside_acl line 117 extended permit tcp any host 10.35.101.1 eq 992 (hitcnt=25) 0x2a9fc74f
access-list outside_acl line 118 extended permit udp any host 10.35.101.1 eq isakmp (hitcnt=356) 0x169d641a
我是否遗漏了什么?如有任何指导,我将不胜感激。
PPTP 仍能正常工作。