Windows Live
Facebook
Twitter
Linkedin
Digg it
Yahoo
Delicious
StumbleUpon
Yammer
Reddit
Technorati
FriendFeed
EmailArticle ID: 248711 - Last Review: March 1, 2007 - Revision: 3.2 Mutual Authentication Methods Supported for L2TP/IPSec
This article was previously published under Q248711 On This PageSUMMARY
Two types of mutual authentication are supported for use with Layer 2 Tunneling Protocol (L2TP)/IP Security Protocol (IPSec): Certificate Authority and Preshared Key. Kerberos authentication is not supported for use with L2TP/IPSec.
MORE INFORMATIONCertificate AuthorityWindows 2000 automatically creates an IPSec filter that uses certificates. This type of authentication requires no configuration except a local computer certificate. If no certificates are found, the connection does not succeed. For a description of this automatic filter, see the following article in the Microsoft Knowledge Base:248750
(http://support.microsoft.com/kb/248750/EN-US/
)
Description of the IPSec Policy Created for L2TP/IPSec
Microsoft recommends using a Certificate Authority because doing so introduces a trusted third party and certificates are stored in a non-viewable format.
Preshared KeyBecause an IPSec policy for L2TP/IPSec that uses certificates is automatically created, you must disable the automatic policy and configure IPSec to use Preshared Keys. To configure L2TP/IPSec to use Preshared Key, see the following article in the Microsoft Knowledge Base:240262
(http://support.microsoft.com/kb/240262/EN-US/
)
How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication
You should use Preshared Key only for testing purposes because the preshared key is stored in a viewable format (from the local computer) and is not from a trusted third party.
Kerberos AuthenticationKerberos authentication is not supported for use with L2TP/IPSec. | Other Resources Other Support Sites
CommunityArticle Translations
|
Back to the top
