Here is a working description for VPN under Windows 2000 Professional.
Task:
This document contains a tutorial on how to configure Windows 2000 for using a pre-shared key (also referred to as PSK or Pre-Shared Secret) as IPSec authentication for L2TP. Since Windows 2000 (in contrast to Windows XP) does not offer the selection of a PSK in the network connection wizard, the PSK and the IPSec policy need to be configured manually.
Warning: This should be used by experienced users only!
Steps:
1. Enable the usage of local IPSec policies (registry editor)
- Start the registry editor by entering "regedit" at "Start->Run"
- Traverse to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
- Add a new registry entry in this section by selecting "Edit->New->DWORD Value":
Enter name: ProhibitIpSec
- Double click on the new item and change its value data to "1". This stops RasMan from creating its automatic L2TP/IPSec policy (which on Windows 2000 only supports certificate authentication), so that the policy assigned in step 2 is used instead. Note that with this value set, L2TP no longer requires IPSec by itself: a correctly assigned policy is what keeps the tunnel encrypted.
- Exit regedit
- Reboot your computer for the changes to take effect
2. Configure the IPSec policy (management console)
- Start the management console by entering "mmc" at "Start->Run"
- Select the menu "Console->Add/Remove Snap-in"
- Click on "Add"
- Select "IP Security Policy Management" from the list
- Click on "Add", then on "Finish", afterwards on "Close", then on "OK"
- Right click on "IP Security Policies on Local Machine" in the tree view,
and select "Create IP Security Policy"
- The IPSec Policy Wizard shows up. Click on "Next"
- Enter a name for your new policy, e.g. "L2TP Roadwarrior". Click on "Next"
- Disable the option "Activate the default response rule". Click on "Next"
- Make sure that "Edit properties" is selected. Press on "Finish"
- In the dialog box, click on "Add".
- The Security Rule Wizard shows up. Click on "Next"
- Select "This rule does not specify a tunnel" and click on "Next"
- Select "All network connections" and click on "Next"
- Select "Use this string to protect the key exchange (preshared key)",
enter the IPSec PSK in the corresponding field and click on "Next"
- In the IP Filter List dialog box, click on "Add"
- Enter the name of your filter list (e.g. "L2TP filter list") and click
on "Add"
- The IP Filter Wizard shows up. Click on "Next"
- As "Source address", select "My IP Address" and click on "Next"
- As "Destination address", select "A specific IP Address" and enter
the IP address of your L2TP/IPSec gateway. Click on "Next"
- Select "UDP" as protocol type and click on "Next"
- Select "From this port" and enter "1701" in the corresponding field.
Select "To this port" and enter "1701" in the corresponding field.
Afterwards click on "Next"
- Make sure that the "Edit properties" option is disabled and press "Finish". Leave the filter mirrored (the default), so that the replies from the gateway are matched as well
- Click on "Close" to close the IP Filter List dialog box
- In the Security Rule Wizard, select your newly created filter list and
click on "Next"
- Select the "Require Security" option and click on "Edit"
- Disable the "Accept unsecured communication, but always respond using IPSec"
option and click on "OK" to close the dialog box. With this option disabled the client never falls back to sending L2TP in the clear if the IPSec negotiation fails
- Click on "Next"
- Make sure that the "Edit properties" option is deactivated, and press "Finish"
- Click on "Close" to close the dialog box
- Your new policy should show up on the right side of the mmc window.
Right-click on the policy and select "Assign" to activate it
- Close the mmc
3. Restart IPSec service
- Start the service manager by entering "services.msc" at "Start->Run"
- Restart the "IPSEC Policy Agent"
4. Configure L2TP connection (network connections)
- Open the network connections configuration by starting
"Start->Settings->Network and Dial-up Connections"
- Double-click on "Make New Connection"
- The Network Connection Wizard shows up. Click on "Next"
- Select "Connect to a private network through the Internet" and click on "Next"
- Select "Do not dial the initial connection" and click on "Next"
- Enter the IP address of your VPN gateway and click on "Next"
- Select either "For all users" or "Only for myself", at your choice,
and click on "Next"
- Enter a name of your choice, e.g. "L2TP to office" and click on "Finish"
- In the login window, click on "Properties"
- Select tab "Security" and disable the option "Require data encryption
(disconnect if none)". This option only controls PPP-level (MPPE) encryption, which L2TP/IPSec does not use; the traffic is encrypted by IPSec ESP instead
- Select tab "Networking" and select "Layer-2 Tunneling Protocol (L2TP)" for
"Type of VPN server I am calling"
- Click on "OK" to close the properties dialog box
- Enter your user name and password
5. Initiate connection
- Click on the "Connect" button
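Because step 1 removes the requirement that L2TP runs over IPSec, a wrong or unassigned policy means the client silently attempts plain L2TP over UDP 1701 with PPP encryption switched off (step 4). The following Python script is an added example (not part of the original post) for checking a packet capture of the client/gateway exchange: it parses raw IPv4 packets and reports whether L2TP ever appears outside ESP. The packets and addresses below are constructed for the example; in practice you would feed it the IPv4 packets from a capture taken on the gateway or on the client.

```python
"""Verify that L2TP to the gateway is carried inside IPSec ESP.

Added example, not part of the original tutorial. Parses raw IPv4 packets
(without link-layer header) and flags L2TP (UDP/1701) that is not protected
by ESP. Sample packets and addresses are constructed for this example.
"""
import socket
import struct

IPPROTO_UDP = 17
IPPROTO_ESP = 50

CLIENT = "192.0.2.10"        # hypothetical Windows 2000 client
GATEWAY = "198.51.100.1"     # hypothetical L2TP/IPSec gateway


def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left at zero) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_udp(sport, dport, payload):
    """UDP header (checksum left at zero) plus payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_esp(spi, seq, ciphertext):
    """ESP header (SPI, sequence number) plus opaque encrypted payload."""
    return struct.pack("!II", spi, seq) + ciphertext


def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) of one IPv4 packet."""
    if packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    return src, dst, packet[9], packet[ihl:total_len]


def classify(packet):
    """Label a packet as 'ike', 'esp', 'l2tp-plaintext' or 'other'."""
    _, _, proto, payload = parse_ipv4(packet)
    if proto == IPPROTO_ESP:
        return "esp"
    if proto == IPPROTO_UDP:
        sport, dport = struct.unpack("!HH", payload[:4])
        if 500 in (sport, dport):          # IKE key exchange
            return "ike"
        if 1701 in (sport, dport):         # L2TP outside ESP: unprotected
            return "l2tp-plaintext"
    return "other"


def audit(packets, client, gateway):
    """Count packet types between client and gateway and give a verdict.

    'protected' is False as soon as one L2TP packet is seen outside ESP, which
    is what happens when ProhibitIpSec=1 is set but no matching IPSec policy
    is assigned: the client then talks plain UDP/1701 to the gateway.
    """
    counts = {"ike": 0, "esp": 0, "l2tp-plaintext": 0, "other": 0}
    for pkt in packets:
        src, dst, _, _ = parse_ipv4(pkt)
        if {src, dst} != {client, gateway}:   # ignore unrelated traffic
            continue
        counts[classify(pkt)] += 1
    protected = counts["l2tp-plaintext"] == 0 and counts["esp"] > 0
    return {"counts": counts, "protected": protected}


# Constructed capture 1: policy assigned. IKE on UDP/500, then ESP both ways,
# plus an unrelated DNS packet that the audit must ignore.
GOOD_CAPTURE = [
    build_ipv4(CLIENT, GATEWAY, IPPROTO_UDP, build_udp(500, 500, b"\x00" * 28)),
    build_ipv4(GATEWAY, CLIENT, IPPROTO_UDP, build_udp(500, 500, b"\x00" * 28)),
    build_ipv4(CLIENT, "192.0.2.53", IPPROTO_UDP, build_udp(1234, 53, b"\x00" * 12)),
    build_ipv4(CLIENT, GATEWAY, IPPROTO_ESP, build_esp(0x1000, 1, b"\xaa" * 64)),
    build_ipv4(GATEWAY, CLIENT, IPPROTO_ESP, build_esp(0x2000, 1, b"\xbb" * 64)),
]

# Constructed capture 2: no policy assigned. L2TP control messages in the clear.
BAD_CAPTURE = [
    build_ipv4(CLIENT, GATEWAY, IPPROTO_UDP, build_udp(1701, 1701, b"\xc8\x02" + b"\x00" * 14)),
    build_ipv4(GATEWAY, CLIENT, IPPROTO_UDP, build_udp(1701, 1701, b"\xc8\x02" + b"\x00" * 14)),
]

if __name__ == "__main__":
    for name, capture in (("policy assigned", GOOD_CAPTURE), ("no policy", BAD_CAPTURE)):
        print(name, audit(capture, CLIENT, GATEWAY))
```

A healthy connection shows IKE on UDP/500 followed only by ESP between the two hosts; any UDP/1701 packet between client and gateway means the tunnel is running without IPSec and the policy from step 2 must be checked and assigned.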
-----