HOW TO: Configure a Preshared Key for Use with Layer Two Tunneling Protocol Connections in Windows XP (281555)


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
This article was previously published under Q281555

IN THIS TASK

SUMMARY

This article discusses how to configure a preshared key using the Layer Two Tunneling Protocol (L2TP).

The use of L2TP in Microsoft Windows 2000 requires a public key infrastructure (PKI) to issue computer certificates to the virtual private network (VPN) server and to clients so that the Internet Key Exchange (IKE) authentication process can take place.

Windows XP enables the use of a preshared key for IKE authentication. This feature is useful in environments that do not currently have a PKI in place, or in situations where Windows XP L2TP clients are making connections to third-party VPN servers that only support the use of preshared keys.

NOTE: Microsoft does not encourage the use of preshared keys, as it is a less secure method of authentication than certificates. Preshared keys are not meant to replace the use of certificates, but rather they provide an alternative for testing and internal operations. It is highly recommended that certificates be used with L2TP, whenever possible.

The following sections describe how to configure the preshared keys on both the L2TP client and the server. If you use a Microsoft Windows XP VPN-based client and VPN-based server, complete the instructions in both of these sections so that the L2TP which uses a preshared key can work. If you use a Windows XP client and a third-party VPN-based server, the "How to Configure a Preshared Key on a Microsoft Windows XP Client" section must be completed in addition to whatever procedure is required to configure preshared keys on the third-party device.

back to the top

How to Configure a Preshared Key on a Windows XP Client

  1. In Control Panel, click Network and Internet Connections.
  2. Click Network Connections.
  3. Under the Virtual Private Network section, right-click the icon you want to use as a preshared key, and then click Properties.
  4. Click the Security tab.
  5. Click IPSec Settings.
    NOTE: IPSec Settings may be shaded if the Networking tab labeled "Type of VPN server I am calling" is set to Point-to-Point Tunneling Protocol (PPTP). A preshared key can only be configured if this is set to "L2TP" or "Automatic".
  6. Click to select the Use preshared key for authentication check box.
  7. Enter the preshared key value in the Key: text box. This value must match the preshared key value that is entered on the VPN-based server.
back to the top back to the top


REFERENCES

For additional information about the use of certificates for use with Internet Protocol security (IPSec), click the article number below to view the article in the Microsoft Knowledge Base:

253498 How to Install a Certificate for Use with IP Security

back to the top
Modification Type:MinorLast Reviewed:1/25/2006
Keywords:kbhowto kbHOWTOmaster kbnetwork KB281555 kbAudITPro
©2004 Microsoft Corporation. All rights reserved.