Registrations are now open. Join us today!
There is still a lot of work to do on the wiki yet! More information about editing can be found here.
Already have an account?

Microsoft KB Archive/248711

From BetaArchive Wiki

Article ID: 248711

Article Last Modified on 3/1/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition



This article was previously published under Q248711


SUMMARY

Two types of mutual authentication are supported for use with Layer 2 Tunneling Protocol (L2TP)/IP Security Protocol (IPSec): Certificate Authority and Preshared Key. Kerberos authentication is not supported for use with L2TP/IPSec.

MORE INFORMATION

Certificate Authority

Windows 2000 automatically creates an IPSec filter that uses certificates. This type of authentication requires no configuration except a local computer certificate. If no certificates are found, the connection does not succeed. For a description of this automatic filter, see the following article in the Microsoft Knowledge Base:

248750 Description of the IPSec Policy Created for L2TP/IPSec


Microsoft recommends using a Certificate Authority because doing so introduces a trusted third party and certificates are stored in a non-viewable format.

Preshared Key

Because an IPSec policy for L2TP/IPSec that uses certificates is automatically created, you must disable the automatic policy and configure IPSec to use Preshared Keys. To configure L2TP/IPSec to use Preshared Key, see the following article in the Microsoft Knowledge Base:

240262 How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication


You should use Preshared Key only for testing purposes because the preshared key is stored in a viewable format (from the local computer) and is not from a trusted third party.

Kerberos Authentication

Kerberos authentication is not supported for use with L2TP/IPSec.

Keywords: kbinfo kbipsec KB248711