PPTP and L2TP VPN Configuring a Windows XP client for L2TP
FortiGate-100 Installation and Configuration Guide 219
5 Select Advanced to configure advanced settings.
6 Select Settings.
7 Select Challenge Handshake Authentication Protocol (CHAP).
8 Make sure that none of the other settings are selected.
9 Select the Networking tab.
10 Make sure that the following options are selected:
•TCP/IP
• QoS Packet Scheduler
11 Make sure that the following options are not selected:
• File and Printer Sharing for Microsoft Networks
• Client for Microsoft Networks
Disabling IPSec
1 Select the Networking tab.
2 Select Internet Protocol (TCP/IP) properties.
3 Double-click the Advanced tab.
4 Go to the Options tab and select IP security properties.
5 Make sure that Do not use IPSEC is selected.
6 Select OK and close the connection properties window.
7 Use the registry editor (regedit) to locate the following key in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\
Parameters
8 Add the following registry value to this key:
Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1
9 Save your changes and restart the computer for the changes to take effect.
You must add the ProhibitIpSec registry value to each Windows XP-based
endpoint computer of an L2TP or IPSec connection to prevent the automatic filter for
L2TP and IPSec traffic from being created. When the ProhibitIpSec registry value
is set to 1, your Windows XP-based computer does not create the automatic filter that
uses CA authentication. Instead, it checks for a local or active directory IPSec policy.
Note: If a RADIUS server is used for authentication do not select Require data encryption.
L2TP encryption is not supported for RADIUS server authentication.
Note: The default Windows XP L2TP traffic policy does not allow L2TP traffic without IPSec
encryption. You can disable default behavior by editing the Windows XP Registry as described
in the following steps. See the Microsoft documentation for editing the Windows Registry.