Re: Has anyone got Win2K RRAS <-> XP Pre-Shared Keys to work through VPN?

From: Greg West (westgj_at_yahoo.com)
Date: 11/30/04 

Date: 30 Nov 2004 14:38:23 -0800

I called up Microsoft Technical Support and they told me it was not
directly supported.

To quote the Microsoft support article
http://support.microsoft.com/kb/240262/EN-US/

"Although Microsoft does not support or recommend the use of a
preshare key for IKE authentication on remote access L2TP/IPSec client
connections..."

Are you able to help me?

Greg

"Steve Clark [MSFT]" <bogus@microsoft.com> wrote in message news:<#ZrDxMk1EHA.2316@TK2MSFTNGP15.phx.gbl>...
> Who told you PSK are not supported by Microsoft?
>
> That feature is 100% supported. It's not recommended to use PSK in a domain
> scenario where the PSK is written to the domain NC, since anyone that can
> enumerate the domain NC can view the PSK.
>
>
>
>
> "Greg West" <westgj@yahoo.com> wrote in message
> news:5bb67ae5.0411282028.7e66a489@posting.google.com...
> >I am attempting to use IPSec/LT2P Pre-Shared Keys to authenticate
> > between XP clients and a Windows 2000 RRAS server. Yes, I know
> > Pre-Shared Keys are not directly supported by Microsoft.
> >
> > I have read article http://support.microsoft.com/kb/240262/EN-US but
> > that talks about connecting 2 Win2K RRAS servers over a LAN. I have
> > created a new security policy as per the article but since I am new to
> > security I really don't know if I have configured it correctly. I set
> > the key on the VPN connection to match what I configured in the new
> > security policy.
> >
> > I also added the registry entry as described in the article to the
> > Win2K RRAS server but it didn't help.
> >
> > Has anyone been able to get this to work? I would be very grateful
> > for any help.
> >
> > Greg

Relevant Pages