You are currently offline, waiting for your internet to reconnect

HOW TO: Configure a Preshared Key for Use with Layer 2 Tunneling Protocol Connections in Windows Server 2003

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q324258
SUMMARY
This article discusses how to configure a preshared key for use with Layer 2 Tunneling Protocol (L2TP).

To use L2TP in Windows Server 2003, you must have a public key infrastructure (PKI) to issue computer certificates to the virtual private network (VPN) server and to clients so that the Internet Key Exchange (IKE) authentication process can occur.

With Windows Server 2003, you can use a preshared key for IKE authentication. This feature is useful in environments that do not currently have a PKI in place, or in situations where Windows Server 2003 L2TP servers are making connections to third-party VPN servers that only support the use of preshared keys.

NOTE: Microsoft does not encourage the use of preshared keys, because it is a less secure method of authentication than certificates. Preshared keys are not meant to replace the use of certificates; instead, preshared keys are another method for testing and internal operations. Microsoft strongly recommends that you use certificates with L2TP whenever possible.

The following sections describe how to configure the preshared keys on both the L2TP client and the server. If you use a Windows Server 2003 operating system for both client and VPN-based server, complete the instructions in both of these sections so that the L2TP that uses a preshared key can work. If you use a Windows Server 2003 VPN client and a third-party VPN-based server, you must follow the steps in the "How to Configure a Preshared Key on a VPN Server" section of this article, and you must configure preshared keys on the third-party device.

back to the top

How to Configure a Preshared Key on a VPN Client

  1. In Control Panel, double-click Network Connections.
  2. Under the Virtual Private Network section, right-click the connection for which you want to use a preshared key, and then click Properties.
  3. Click the Security tab.
  4. Click IPSec Settings.

    NOTE: IPSec Settings may be shaded if on the Networking tab, Type of VPN is set to PPTP VPN. A preshared key can only be configured if this option is set to L2TP IPSec VPN or Automatic.
  5. Click to select the Use preshared key for authentication check box.
  6. In the Key box, type the preshared key value. This value must match the preshared key value that is entered on the VPN-based server.
  7. Click OK two times.
back to the top

How to Configure a Preshared Key on a VPN Server

  1. Start the Routing and Remote Access snap-in. To do this, click Start, point to Administrative Tools, and then click Routing and Remote Access.
  2. Right-click the server that you will configure with the preshared key, and then click Properties.
  3. Click Security.
  4. Click to select the Allow Custom IPSec Policy for L2TP connection check box.
  5. In the Preshared key box, type the preshared key value. This value must match the preshared key value entered on the VPN-based client.
  6. Click OK.

back to the top


REFERENCES
back to the top
kbnetwork
Properties

Article ID: 324258 - Last Review: 12/03/2007 04:41:35 - Revision: 6.3

  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, 64-Bit Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows Small Business Server 2003 Premium Edition
  • Microsoft Windows Small Business Server 2003 Standard Edition
  • kbnetwork kbhowto kbhowtomaster kbnetwork KB324258
Feedback