Edit the Windows Registry for L2TP over IPsec

You must edit the registry of Windows Vista clients to support L2TP (Layer 2 Tunneling Protocol) over IPsec when using PSK.

For Windows 2000/XP clients, you edit the registry when using manual configuration but not when using wizards. The new registry entry prevents the Windows VPN client from using the default IPsec policy, which is designed primarily for use with certificates.

You should also create this registry entry if you want to use L2TP alone, without IPsec.

These instructions show you how to edit the registry manually from the Windows client workstation. To edit the registry of many client workstations at once, you may be able to use a desktop management tool or an Active Directory group policy.

 

Instructions

Windows 2000/XP/Vista

  1. On the Windows Taskbar, click Start.

  2. Click Run.

  3. In the Run window, type regedit and press OK.

  4. In the left panel of the Registry Editor, expand the following folders:

     1. HKEY_LOCAL_MACHINE

     2. SYSTEM

     3. CurrentControlSet

     4. Services

     5. RasMan

     6. Parameters

  5. 2000/XP: Select Edit > New > DWORD Value.

     Vista: Select Edit > New > DWORD (32-bit) Value.

  6. A new entry appears in the right panel. Name it ProhibitIpSec. Use the same spelling and capitalization as shown.

  7. Right-click ProhibitIpSec and select Modify.

  8. 2000/XP: In the Edit DWORD Value window, type 1 in the Value data box and click OK.

     Vista: In the Edit DWORD (32-bit) Value window, type 1 in the Value data box and click OK.

  9. Close the registry editor and restart the computer.
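
For checking or applying the same entry from a script, for example through a desktop management tool, the following is an added example and not part of the original instructions. It assumes Windows PowerShell is installed on the client and is run with administrator rights; the `-Apply` switch is a name chosen for this example. Without `-Apply` it only reports the current state, which is useful for finding workstations where the default IPsec policy has been disabled.

```powershell
# Added example (not from the original page). Assumes Windows PowerShell is
# installed on the client and the session runs with administrator rights.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
$Name = 'ProhibitIpSec'

function Get-ProhibitIpSec {
    # Returns the current value, or $null when the entry does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

if (-not (Test-Path $Path)) {
    Write-Host "Key not found: $Path"
    exit 2
}

$current = Get-ProhibitIpSec
$isDword = $false
if ($null -eq $current) {
    Write-Host "$Name is not present."
} else {
    # The entry must be a DWORD; an entry created with another type is reported.
    $kind = (Get-Item $Path).GetValueKind($Name)
    $isDword = ($kind -eq 'DWord')
    Write-Host "$Name = $current (type: $kind)"
}

if ($Apply -and -not ($isDword -and $current -eq 1)) {
    # -Force overwrites an existing entry, whatever its type, with a DWORD of 1.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force | Out-Null
    if ((Get-ProhibitIpSec) -eq 1) {
        Write-Host "$Name set to 1. Restart the computer for the change to take effect."
    } else {
        Write-Host "Failed to set $Name."
        exit 1
    }
}
```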