Configuring a windows xp client for l2tp – Fortinet FortiGate 4000 User Manual
Page 268
268
Fortinet Inc.
Configuring L2TP
PPTP and L2TP VPN
4
Go to the Options tab and select IP security properties.
5
Make sure that Do not use IPSEC is selected.
6
Select OK and close the connection properties window.
7
Use the registry editor (regedit) to locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\
Parameters
8
Add the following registry value to this key:
Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1
9
Save the changes and restart the computer for the changes to take effect.
You must add the ProhibitIpSec registry value to each Windows 2000-based
endpoint computer of an L2TP or IPSec connection to prevent the automatic filter for
L2TP and IPSec traffic from being created. When the ProhibitIpSec registry value
is set to 1, your Windows 2000-based computer does not create the automatic filter
that uses CA authentication. Instead, it checks for a local or active directory IPSec
policy.
To connect to the L2TP VPN
1
Start the dialup connection that you configured in the previous procedure.
2
Enter your L2TP VPN User Name and Password.
3
Select Connect.
4
In the connect window, enter the User Name and Password that you use to connect to
your dialup network connection.
This user name and password is not the same as your VPN user name and password.
Configuring a Windows XP client for L2TP
Use the following procedure to configure a client computer running Windows XP so
that it can connect to a FortiGate L2TP VPN.
To configure an L2TP VPN dialup connection
1
Go to Start > Settings.
2
Select Network and Internet Connections.
3
Select Create a connection to the network of your workplace and select Next.
4
Select Virtual Private Network Connection and select Next.
5
Name the connection and select Next.
6
If the Public Network dialog box appears, choose the appropriate initial connection
and select Next.
Note: The default Windows 2000 L2TP traffic policy does not allow L2TP traffic without IPSec
encryption. You can disable default behavior by editing the Windows 2000 Registry as
described in the following steps. See the Microsoft documentation for editing the Windows
Registry.