MS 문서에는 Windows 7은 해당 내용이 없기에 적용하지 않아도 되는 줄 알았으나... 결론은 반드시 적용해야 한다.


http://support.microsoft.com/kb/926179


  • Log on to the Windows Vista client computer as a user who is a member of the Administrators group.
  • Click Start
    Start button
    , point to All Programs, click Accessories, click Run, type regedit, and then click OK. If the User Account Control dialog box is displayed on the screen and prompts you to elevate your administrator token, clickContinue.
  • Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent
    Note You can also apply the
    AssumeUDPEncapsulationContextOnSendRule
    DWORD value to a Microsoft Windows XP Service Pack 2 (SP2)-based VPN client computer. To do this, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec
  • On the Edit menu, point to New, and then click DWORD (32-bit) Value.
  • Type AssumeUDPEncapsulationContextOnSendRule, and then press ENTER.
  • Right-click AssumeUDPEncapsulationContextOnSendRule, and then click Modify.
  • In the Value Data box, type one of the following values:
    • 0
      A value of 0 (zero) configures Windows so that it cannot establish security associations with servers that are located behind NAT devices. This is the default value.
    • 1
      A value of 1 configures Windows so that it can establish security associations with servers that are located behind NAT devices.
    • 2
      A value of 2 configures Windows so that it can establish security associations when both the server and the Windows Vista-based or Windows Server 2008-based VPN client computer are behind NAT devices.
  • Click OK, and then exit Registry Editor.
  • Restart the computer.


  • 요약하면, 아래의 DWORD(32) 값을 추가하고 재부팅해야 한다


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent


    AssumeUDPEncapsulationContextOnSendRule (DWORD32)

    2



    사용자 로그인