FortiGate
Article Id 192741


Description

FortiGate units support L2TP with Microsoft Point-to-Point Encryption (MPPE) only. Later implementations of Microsoft L2TP for Windows use IPSec and require certificates for authentication and encryption. If you want to use Microsoft L2TP with IPSec to connect to a FortiGate unit, the IPSec and certificate elements must be disabled on the remote client.

Components

  • Microsoft L2TP with IPSec

Steps or Commands

You can disable the IPSec and certificate elements by editing the Windows 2000 Registry as described in the following steps. See the Microsoft documentation for more information about editing the Windows Registry.

Warning: Use caution when editing the Registry. Modifying the Registry incorrectly can cause serious problems. Back up the Registry file before proceeding.

  1. On the Windows Start menu, select Run.
  2. In the Open field, type regedit.
  3. Select OK.
  4. In the Registry Editor, open the following folder:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
  5. In the right pane, locate the ProhibitIPSec registry value and verify that the Data column for the entry contains a value of 0x00000001 (1).

    Note that if the ProhibitIPSec registry value does not exist, you must add the entry. For details on how to do this, see the Microsoft support article "How to configure an L2TP/IPSec connection by using Preshared Key Authentication".

    If the value for ProhibitIPSec is 0x00000000:
    • Right-click the ProhibitIPSec registry value and select Modify.
    • In the Value data field, type 1.
    • Select OK.
  6. Exit the Registry Editor to save any changes.
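
The check in steps 4 to 6 can also be scripted, which makes it easier to see which clients have the setting applied. The following PowerShell is an added example, not part of the original article or any Fortinet tooling. It assumes a Windows release that includes PowerShell (Windows 2000 does not) and an elevated session; the `-Apply` switch and the backup file location are names chosen here for illustration.

```powershell
# Added example: report the ProhibitIPSec value and, with -Apply, set it to 1.
# Assumptions: PowerShell is available and the session is elevated.
param(
    [switch]$Apply,   # hypothetical switch: without it the script only reports
    # Hypothetical backup location; timestamped so an earlier backup is never overwritten.
    [string]$BackupPath = "$env:TEMP\rasman-parameters-$(Get-Date -Format yyyyMMdd-HHmmss).reg"
)

$keyPath   = 'HKLM:\System\CurrentControlSet\Services\Rasman\Parameters'
$regExeKey = 'HKLM\System\CurrentControlSet\Services\Rasman\Parameters'
$valueName = 'ProhibitIPSec'

if (-not (Test-Path $keyPath)) {
    throw "Registry key not found: $keyPath"
}

# Read the current value; $null means the entry does not exist yet (see the note in step 5).
$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

if ($null -eq $current) {
    Write-Output "$valueName is not present under $keyPath."
} else {
    Write-Output ("{0} = 0x{1:X8} ({1})" -f $valueName, $current)
}

if ($current -eq 1) {
    Write-Output 'Value is already 1; nothing to change.'
    return
}
if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to set the value to 1.'
    return
}

# Back up the key before modifying it, as the warning above requires.
& reg.exe export $regExeKey $BackupPath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw 'Backup failed; the Registry was not modified.'
}

# Create the DWORD entry if it is missing, or overwrite an existing 0.
New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value 1 -Force | Out-Null

# Read the value back to confirm the change.
$after = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($after -ne 1) {
    throw "Verification failed: $valueName is $after, expected 1."
}
Write-Output "$valueName set to 1. Backup saved to $BackupPath."
```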
 

 
