Mutual Authentication Methods Supported for L2TP/IPSec

This article was previously published under Q248711
This article has been archived. It is offered "as is" and will no longer be updated.
SUMMARY
Two types of mutual authentication are supported for use with Layer 2 Tunneling Protocol (L2TP)/IP Security Protocol (IPSec): Certificate Authority and Preshared Key. Kerberos authentication is not supported for use with L2TP/IPSec.
MORE INFORMATION

Certificate Authority

Windows 2000 automatically creates an IPSec filter that uses certificates. This type of authentication requires no configuration except a local computer certificate. If no certificates are found, the connection does not succeed. For a description of this automatic filter, see the following article in the Microsoft Knowledge Base:
248750 Description of the IPSec Policy Created for L2TP/IPSec
Microsoft recommends using a Certificate Authority because doing so introduces a trusted third party and certificates are stored in a non-viewable format.

Preshared Key

Because an IPSec policy for L2TP/IPSec that uses certificates is created automatically, using a preshared key instead requires that you disable the automatic policy and configure IPSec to use a preshared key. To configure L2TP/IPSec to use Preshared Key, see the following article in the Microsoft Knowledge Base:
240262 How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication
Use Preshared Key only for testing purposes, because the preshared key is stored in a format that can be viewed from the local computer and does not come from a trusted third party.

Kerberos Authentication

Kerberos authentication is not supported for use with L2TP/IPSec.
Properties

Article ID: 248711 - Last Review: 12/05/2015 17:56:10 - Revision: 3.2

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition
