Article ID: 281555 - View products that this article applies to.
This article was previously published under Q281555
This article discusses how to configure a preshared key using the Layer Two Tunneling Protocol (L2TP).
The use of L2TP in Microsoft Windows 2000 requires a public key infrastructure (PKI) to issue computer certificates to the virtual private network (VPN) server and to clients so that the Internet Key Exchange (IKE) authentication process can take place.
Windows XP enables the use of a preshared key for IKE authentication. This feature is useful in environments that do not currently have a PKI in place, or in situations where Windows XP L2TP clients are making connections to third-party VPN servers that only support the use of preshared keys.
NOTE: Microsoft does not encourage the use of preshared keys, as it is a less secure method of authentication than certificates. Preshared keys are not meant to replace the use of certificates, but rather they provide an alternative for testing and internal operations. It is highly recommended that certificates be used with L2TP, whenever possible.
The following sections describe how to configure the preshared keys on both the L2TP client and the server. If you use a Microsoft Windows XP VPN-based client and VPN-based server, complete the instructions in both of these sections so that the L2TP which uses a preshared key can work. If you use a Windows XP client and a third-party VPN-based server, the "How to Configure a Preshared Key on a Microsoft Windows XP Client" section must be completed in addition to whatever procedure is required to configure preshared keys on the third-party device.
For additional information about the use of certificates for use with Internet Protocol security (IPSec), click the article number below to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/253498/EN-US/ )How to Install a Certificate for Use with IP Security