A. Windows automatically creates an IPSec policy for L2TP connections because L2TP doesn't encrypt data. However, you might want to test a VPN L2TP connection without the security of IPSec (e.g., when troubleshooting). Although you must disable IPSec on both the client and server in this situation, make sure you re-enable the security policy after you resolve any problems; otherwise, your systems are vulnerable to attack. To disable IPSec, perform the following steps on both ends of the connection (client and server):
- Start a registry editor (e.g., regedit.exe).
- Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters subkey.
- From the Edit menu, select New, DWORD Value.
- Enter a name of ProhibitIpSec and press Enter.
- Double-click the new value, set it to 1, and click OK.
- Restart the machine.
For more information, see the Microsoft article "How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication."