How can I disable IP Security (IPSec) on a VPN connection that uses Layer 2 Tunneling Protocol (L2TP)?

A. Windows automatically creates an IPSec policy for L2TP connections because L2TP doesn't encrypt data. However, you might want to test a VPN L2TP connection without the security of IPSec (e.g., when troubleshooting). Although you must disable IPSec on both the client and server in this situation, make sure you re-enable the security policy after you resolve any problems; otherwise, your systems are vulnerable to attack. To disable IPSec, perform the following steps on both ends of the connection (client and server):

  1. Start a registry editor (e.g., regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters subkey.
  3. From the Edit menu, select New, DWORD Value.
  4. Enter a name of ProhibitIpSec and press Enter.
  5. Double-click the new value, set it to 1, and click OK.
  6. Restart the machine.

For more information, see the Microsoft article "How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication."
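Because the override survives reboots, it is easy to leave in place after troubleshooting. The following PowerShell script is an added example, not part of the original article: it reports whether ProhibitIpSec is still set to 1 and, with the hypothetical `-Restore` switch, deletes the value so Windows returns to its default of creating the automatic IPSec policy. The helper name `Get-ProhibitIpSecState` and the state labels are assumptions chosen for illustration.

```powershell
# Audit (and optionally revert) the ProhibitIpSec troubleshooting override.
# Run elevated on both the VPN client and the server.
param(
    [switch]$Restore   # hypothetical switch: delete the override instead of only reporting it
)

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
$name = 'ProhibitIpSec'

function Get-ProhibitIpSecState {   # hypothetical helper name
    param([string]$Path, [string]$ValueName)
    # Get-ItemProperty yields $null when the key or the value is absent (the Windows default).
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item)             { return 'NotSet' }
    if ([int]$item.$ValueName -eq 1) { return 'IPSecProhibited' }
    return 'AutomaticPolicyAllowed'  # value exists but is not 1
}

$state  = Get-ProhibitIpSecState -Path $key -ValueName $name
$action = 'None'

if ($state -eq 'IPSecProhibited') {
    if ($Restore) {
        # Deleting the value puts the machine back in its default state;
        # as with step 6 above, the change applies after a restart.
        Remove-ItemProperty -Path $key -Name $name -ErrorAction Stop
        $action = 'Removed; restart required'
    } else {
        $action = 'Re-run with -Restore, then restart'
    }
}

# Emit one record per host so results can be collected centrally.
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Value    = "$key\$name"
    State    = $state
    Action   = $action
}

# Non-zero exit code lets a scheduled task or management tool flag the host.
if ($state -eq 'IPSecProhibited' -and -not $Restore) { exit 1 }
```

Run it on both ends of the connection once testing is finished; a host that still reports `IPSecProhibited` is carrying L2TP traffic without the automatic IPSec policy.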
