Ilipin
Newbie | Редактировать | Профиль | Сообщение | Цитировать | Сообщить модератору Господа! Аллилуя! Можно добавлять в FAQ. Победил VPN Site-to-site. Если ИСА отбрасывает нужные вам пакеты, например при использовании VPN Site-to-site, выдавая ошибку 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED, то нужно отключать/изменять эту важную и нужную фичу Вариант 1. http://support.microsoft.com/?kbid=917025 To work around this problem, you must increase the time-out value for IPSec Security Association Idle Timer. To do this, follow these steps: 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Serviecs\IPsec 3. Add the SAIdleTime registry entry. If this entry already exists, modify the value. To do this, follow these steps: a. Right-click the IPSec registry key, click New, and then click DWORD Value. b. Type SAIdleTime, and then press ENTER. c. Right-click the SAIdleTime registry entry, and then click Modify. d. Click Decimal, type 3600 in the Value data box, and then click OK. Note The default value for the SAIdleTime registry entry is 300 seconds. The maximum value that you can set for the entry is 3,600 seconds. You must set the value to 3,600. 4. Exit Registry Editor. 5. Restart the computer. Вариант 2. http://support.microsoft.com/kb/838114 To disable the IP Spoof Detection feature in the Windows registry, follow these steps: Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/FwEng/Parameters If the Parameters subkey is not displayed, follow these steps to create this subkey: a. Click the FwEng subkey. b. On the Edit menu, point to New, and then click Key. c. To name the key, type Parameters, and then press ENTER. 3. Right-click Parameters, point to New, and then click DWORD Value. 4. To name the value, type DisableSpoofDetection, and then press ENTER. 5. Right-click DisableSpoofDetection, and then click Modify. 6. In the Value data box, type 1, and then click OK. Warning This setting disables IP Spoof Detection on the ISA Server 2004-based computer. To enable IP Spoof Detection, set the DisableSpoofDetection value to 0. This is the default value. 7. Exit Registry Editor, and then restart the ISA Server 2004 services. Вроде все. У меня по варианту 2 заработало. Первый не проверял. |