How To Configure Windows LP2T/IPsec Client for Cisco VPN


Please follow these steps to configure Windows LP2T/IPsec client for Cisco VPN.

Step 1: Add the "ProhibitIpSec" Registry Value

  1. Click Start, click Run, type regedit32, and then click OK.
  2. Locate, and then click the following registry subkey: 
  3. On the Edit menu, click Add Value.
  4. In the Value Name box, type ProhibitIpSec.
  5. In the Data Type list, click REG_DWORD, and then click OK.
  6. In the Data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

Step 2: Create VPN Connection

  1. Click Start, and then click Control Panel.
  2. In Control Panel, double click Network Connections.
  3. Click Create a new connection in the Network Tasks task pad
  4. In the Network Connection Wizard, click Next.
  5. Click Connect to the network at my workplace, and then click Next.
  6. Click Virtual Private Network connection, and then click Next.
  7. Type or any other name servers for your Company Name box, and then click Next.
  8. Choose Do not dial the initial connection in Public Network .
  9. Put your firewall IP address in Host Name or IP Address box.
  10. You are just about done, the rest of the screens just verify your connection, click Next.
  11. Click to select the Add a shortcut to this connection to my desktop check box if you want one, if not, then leave it unchecked and click finish.
  12. In the Network Connections window, right-click the new connection and select properties.
  13. In Security tab, choose Advanced (custom settings).
  14. Click Settings.
  15. Only leave Microsoft CHAP (MS-CHAP) checked.
  16. In Networking tab, select L2TP IPSec VPN in the Type of VPN dropdown box.
  17. Click Internet Protocol (TCP/IP) and then click Properties button.
  18. Click Advanced.
  19. Uncheck Use default gateway on remote network.

Step 3: Create an IPSec Policy

  1. Click Start, click Run, type mmc, and then click OK.
  2. Click Console, click Add/Remove Snap-in, click Add, click IP Security Policy Management, click Add, click Finish, click Close, and then click OK.
  3. Right-click IP Security Policies on Local Machine, click Create IP Security Policy, and then click Next.
  4. In the IP Security Policy Name dialog box, type the name for the IP Security policy in the Name box, and then click Next.
  5. In the Requests for Secure Communication dialog box, click to clear the Activate the default response rule check box, and then click Next.
  6. Click to select the Edit Properties check box, and then click Finish.
  7. In the New IP Security Policy Properties dialog box, click Add on the Rules tab, and then click Next.
  8. In the Tunnel Endpoint dialog box, click This rule does not specify a tunnel, and then click Next.
  9. In the Network Type dialog box, click All network connections, and then click Next.
  10. In the Authentication Method dialog box, click Use this string to protect the key exchange (preshared key), type a preshared key, and then click Next.
  11. In the IP Filter List dialog box, click Add, type a name for the IP filter list in the Name box, click Add, and then click Next.
  12. In the IP Traffic Source dialog box, choose My IP Address, and then click Next.
  13. In the IP Traffic Destination dialog box, click A specific IP Address in the Destination address box, type your firewall IP, and then click Next.
  14. In the IP Protocol Type dialog box, click UDP in the Select a protocol type box, and then click Next.
  15. In the IP Protocol Port dialog box, click From this port, type 1701 in the From this port box, click To any port, and then click Next.
  16. Click to select the Edit properties check box, click Finish, and then click to select Mirrored. Also match packets with the exact opposite source and destination addresses check box in the Filter Properties dialog box.
  17. Click OK, and then click Close.
  18. In the IP Filter List dialog box, click the IP filter that you just created, and then click Next.
  19. In the Filter Action dialog box, click Add.
  20. Choose Custom in IP Traffic Security.
  21. Click Settings and choose MD5 from Integrity Algorithm dropdown box.
  22. Note: This new filter action must have the Accept unsecured communication, but always respond using IPSec feature disabled to improve security.
  23. Click Next, click Finish, and then click Close.
  24. Right-click the IPSec policy that you just created, and then click Assign.

Setp 4: Connect VPN

Now you should be able to connect to Cisco ASA VPN.

Add Feedback