Microsoft KB Archive/254442

= Windows 2000 L2TP/IPSec Interoperation with Third-Party Manufacturers =

PSS ID Number: 254442

Article Last Modified on 11/4/2003

-

The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q254442



SUMMARY
Windows 2000 is compliant with Request for Comments (RFC) 2661 ("Layer Two Tunneling Protocol"). RFC 2661 indicates that Layer 2 Tunneling Protocol (L2TP) traffic can be secured with IP Security Protocol (IPSec), but does not provide details about how to implement this security. An Internet-draft document is currently being worked on that will specify the details of securing L2TP traffic with IPSec. Internet-draft documents are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups.

Because the protection of L2TP traffic with IPSec is not yet a standard (there is no RFC for it), the interoperation of Windows 2000 with third-party software using L2TP/IPSec must be tested.

Use the following basic information about the protection of L2TP traffic using IPSec in Windows 2000 as a guide when you are testing with third-party software:
 * Certificates are used for computer authentication--it is possible to use a preshared key.
 * The Transport mode of IPSec is used to protect L2TP traffic.
 * UDP port 1701 is used for both source and destination ports--non-negotiable.



MORE INFORMATION
For additional information about configuring L2TP/IPSec to use a preshared key for authentication, click the article number below to view the article in the Microsoft Knowledge Base:

240262 How to Configure a L2TP/IPSec Connection Using a Pre-shared Key

For more information about virtual private network (VPN) interoperability support in Windows 2000, see the following Microsoft Web site:

http://www.microsoft.com/windows2000/techinfo/howitworks/communications/remoteaccess/l2tp.asp

Keywords: kb3rdparty kbinfo kbIPSec kbnetwork KB254442

Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.