When configuring Microsoft Windows 2000, XP, or Vista clients for a VPN, you should take the following into consideration:
- The default IPsec policy for the Vista client is for IKE certificates only. If you want to use PSK (or if you want to create an L2TP-only tunnel), you must edit the registry to prevent the Vista client from using the default policy.
- You can also edit the registry of Windows 2000 or Windows XP clients if you want to exercise granular control over the IPsec policy parameters.
- The Windows client's security proposals for IKE are presented to the VPN gateway with the strongest DH group presented first. If that first DH group is not specified in the TMS zl Module's IPsec policy, the module will close the session. Therefore, you must either delete all of the IKE security proposals on the Windows client before configuring your own proposal or you must configure the IKE policy on the module to conform to the client's.
- To configure the optional shared secret for L2TP clients, you must edit the client's registry to input the secret.

