Windows 2008 RRAS VPN L2TP with Preshared Key IPsec creation

Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP. One particular problem was that the CFO of the company used a Virgin Broadband Wireless card to connect to the Internet, and when he did, he was not able to VPN into our network. When I looked at this connection, it showed that the Virgin Broadband Wireless card connects via PPP. This type of connection canceled out the PPTP protocol on his client, and since he was on Windows XP, there were only two types of protocols to choose from while using the Windows client. Those two protocols are PPTP and L2TP IPsec.

This article shows how to set up L2TP IPsec with a preshared key on a Windows 2008 RRAS server and on a Windows 7 and/or Windows XP SP2 client.

In the RRAS server console, right-click the name of your VPN server and go to Properties.
Click on the Security tab and check “Allow custom IPsec policy for L2TP connection”. Create a preshared key and be sure to remember it, since the same key must be entered on each client, then hit OK.

Setting up the L2TP on the server end
Restart the RRAS server by right-clicking the name of the RRAS server again and clicking All Tasks, then Restart.

On the Windows 7 VPN client, go to the connection's properties and select the Security tab. Under Type of VPN, select Layer 2 Tunneling Protocol with IPsec and then select Advanced Settings. Check Use Preshared Key For Authentication, type in the preshared key you set on the server side, then hit OK.

Windows 7 L2TP settings
On the Windows XP VPN client, select Properties and go to the Networking tab. Under Type of VPN, select L2TP IPsec VPN. Next, click on the Security tab and select IPSec Settings at the bottom. Check Use pre-shared Key For Authentication and enter the key set on the server.

Windows XP L2TP IPSec settings
There's one more step that you'll need to do on the Windows 7 box and/or the Windows XP box. You'll have to configure the registry if the RRAS server is behind a NAT device. Once you make the change, restart your computer and the L2TP connection will work. Microsoft has a detailed article on the registry settings you will need to make below.


That's it.  Your L2TP connection should now be established after you reboot your computer.