How To Configure Windows L2TP/IPsec Client for Cisco VPN

Please follow these steps to configure the Windows L2TP/IPsec client for Cisco VPN.

Step 1: Add the ProhibitIpSec Registry Value

  1. Click Start, click Run, type regedt32, and then click OK.
  2. Locate, and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
  3. On the Edit menu, click Add Value.
  4. In the Value Name box, type ProhibitIpSec.
  5. In the Data Type list, click REG_DWORD, and then click OK.
  6. In the Data box, type 1, and then click OK.
  7. Quit Registry Editor, and then restart your computer.

Step 2: Create VPN Connection

  1. Click Start, and then click Control Panel.
  2. In Control Panel, double-click Network Connections.
  3. Click Create a new connection in the Network Tasks task pad.
  4. In the Network Connection Wizard, click Next.
  5. Click Connect to the network at my workplace, and then click Next.
  6. Click Virtual Private Network connection, and then click Next.
  7. Type any name for the connection in the "Company Name" box, and then click Next.
  8. Choose "Do not dial the initial connection" in "Public Network".
  9. Put your firewall IP address in the "Host Name or IP Address" box.
  10. You are just about done; the remaining screens only verify your connection. Click Next.
  11. Select the Add a shortcut to this connection to my desktop check box if you want a shortcut; otherwise leave it unchecked. Click Finish.
  12. In the Network Connections window, right-click the new connection and select Properties.
  13. In the "Security" tab, choose Advanced (custom settings).
  14. Click the "Settings" button.
  15. Leave only "Microsoft CHAP (MS-CHAP)" checked.
  16. In the "Networking" tab, select "L2TP IPSec VPN" in the "Type of VPN" dropdown box.
  17. Click Internet Protocol (TCP/IP), and then click the "Properties" button.
  18. Click the "Advanced" button.
  19. Uncheck "Use default gateway on remote network".

Step 3: Create an IPSec Policy

  1. Click Start, click Run, type mmc, and then click OK.
  2. Click Console, click Add/Remove Snap-in, click Add, click IP Security Policy Management, click Add, click Finish, click Close, and then click OK.
  3. Right-click IP Security Policies on Local Machine, click Create IP Security Policy, and then click Next.
  4. In the IP Security Policy Name dialog box, type the name for the IP Security policy in the Name box, and then click Next.
  5. In the Requests for Secure Communication dialog box, click to clear the Activate the default response rule check box, and then click Next.
  6. Click to select the Edit Properties check box, and then click Finish.
  7. In the New IP Security Policy Properties dialog box, click Add on the Rules tab, and then click Next.
  8. In the Tunnel Endpoint dialog box, click This rule does not specify a tunnel, and then click Next.
  9. In the Network Type dialog box, click All network connections, and then click Next.
  10. In the Authentication Method dialog box, click Use this string to protect the key exchange (preshared key), type a preshared key, and then click Next.
  11. In the IP Filter List dialog box, click Add, type a name for the IP filter list in the Name box, click Add, and then click Next.
  12. In the IP Traffic Source dialog box, choose "My IP Address", and then click Next.
  13. In the IP Traffic Destination dialog box, click A specific IP Address in the Destination address box, type your firewall IP, and then click Next.
  14. In the IP Protocol Type dialog box, click UDP in the Select a protocol type box, and then click Next.
  15. In the IP Protocol Port dialog box, click From this port, type 1701 in the From this port box, click To any port, and then click Next.
  16. Click to select the Edit properties check box, click Finish, and then click to select the Mirrored. Also match packets with the exact opposite source and destination addresses check box in the Filter Properties dialog box.
  17. Click OK, and then click Close.
  18. In the IP Filter List dialog box, click the IP filter that you just created, and then click Next.
  19. In the Filter Action dialog box, click Add.
  20. Choose "Custom" in "IP Traffic Security".
  21. Click "Settings" and choose "MD5" from the "Integrity Algorithm" dropdown box.
  22. Note: This new filter action must have the "Accept unsecured communication, but always respond using IPSec" feature disabled to improve security.
  23. Click Next, click Finish, and then click Close.
  24. Right-click the IPSec policy that you just created, and then click Assign.
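
Steps 1 and 3 can also be scripted, which makes the resulting policy easier to review and reproduce. The batch file below is an added example, not part of the original article. It assumes a Windows version that provides the `netsh ipsec static` context (Windows Server 2003 and later; Windows XP ships ipseccmd.exe instead), an elevated prompt, a placeholder firewall address, made-up object names, and 3DES as the ESP encryption algorithm, since the article names only MD5.

```batch
@echo off
setlocal
rem Placeholders (assumptions, not from the article): firewall address and object names.
set "FW_IP=203.0.113.10"
set "POLICY=L2TP-PSK-Policy"
set "FLIST=L2TP-UDP1701"
set "FACTION=L2TP-Require-ESP"
rem Prompt for the key so it is not stored in the script file.
set /p "PSK=Preshared key: "

rem Step 1: ProhibitIpSec=1 stops Windows from creating its automatic L2TP/IPsec policy.
reg add "HKLM\System\CurrentControlSet\Services\Rasman\Parameters" /v ProhibitIpSec /t REG_DWORD /d 1 /f || goto :fail

rem Step 3, items 3-6: new policy with the default response rule turned off.
netsh ipsec static add policy name="%POLICY%" activatedefaultrule=no || goto :fail

rem Items 11-17: mirrored filter from my address, UDP port 1701, to the firewall, any port.
netsh ipsec static add filterlist name="%FLIST%" || goto :fail
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=me dstaddr=%FW_IP% protocol=UDP srcport=1701 dstport=0 mirrored=yes || goto :fail

rem Items 19-22: negotiate ESP with MD5 integrity. inpass=no disables
rem "Accept unsecured communication, but always respond using IPSec".
rem 3DES is an assumption; the article does not name the encryption algorithm.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no qmsecmethods="ESP[3DES,MD5]" || goto :fail

rem Items 7-10 and 18: rule for all connection types, preshared-key authentication only.
netsh ipsec static add rule name="L2TP-Rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" conntype=all kerberos=no psk="%PSK%" || goto :fail

rem Item 24: assign the policy, then print it so the settings can be checked.
netsh ipsec static set policy name="%POLICY%" assign=yes || goto :fail
netsh ipsec static show policy name="%POLICY%" level=verbose
echo Done. Restart the computer so that ProhibitIpSec takes effect.
exit /b 0

:fail
echo A command failed; review the output above.
exit /b 1
```

The preshared key and the MD5 setting mirror the article's choices and have to match what the firewall is configured to accept. A key containing `%` or `"` will not survive batch expansion and should be entered through the GUI instead.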

Step 4: Connect VPN

Now you should be able to connect to the Cisco ASA VPN.

Other Resources

  1. L2TP Over IPsec Between Windows 2000/XP PC and PIX/ASA 7.2 Using Pre-shared Key Configuration Example
  2. How to configure an L2TP/IPSec connection by using Preshared Key Authentication

