Page 29 out of 51 total pages, Page 7 out of 8 pages in this chapter
Windows 2000 configuration
Windows 2000 Professional, Server or Advanced Server may act as a Windows 2000 L2TP/IPSec client to a gateway server. The steps for configuring the Windows 2000 side of this follow.

To install a certificate on the Windows 2000 PC using a Windows 2000 Microsoft CA, connect to a CA server and get a certificate. This involves pointing a browser at the CA server with the URL <IP address>/certsrv.
- Choose Request a Certificate.
- Choose Advanced request.
- Choose Submit a certificate request to this CA using a form.
- On the form, provide the identifying information. This becomes the subject DN in the certificate, and it is the subject DN that is entered on the gateway IPSec transport account.
- Choose IPSec Certificate as the Intended Purpose.
- Select Use local machine store under Key Options.
- When the certificate has been issued at the CA server, return to the first page.
- Choose Check on a pending certificate.
- Click Install this certificate. This installs the certificate in the local computer certificate store.

To view this store, run the mmc command from the Start > Run prompt. Select Console > Add/Remove Snap-in. From the list of snap-ins, choose Certificates and select Computer account. At the console, expand Personal > Certificates under Certificates (Local Computer). The installed certificate should appear. Clicking on it brings up an information window that indicates its validity and that a private key exists for this certificate.
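Because the subject DN given on the request form is also entered on the gateway IPSec transport account, the two strings can be compared before the first connection attempt. The following Python script is an added example, not part of the original guide: it reports whether two DN strings are identical or differ only in case, spacing, separator or attribute order. The DN values are constructed, and how the gateway itself compares DNs is not stated on this page.

```python
# Added example (not from the original guide). All DN strings are constructed.
# Lenient parser: handles backslash escapes and ',' or ';' separators; it does
# not handle quoted values or multi-valued RDNs joined with '+'.

def split_rdns(dn):
    """Split a DN on unescaped ',' or ';', removing escape backslashes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])      # keep the escaped character literally
            i += 2
            continue
        if ch in ",;":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return [p for p in parts if p.strip()]

def parse_dn(dn):
    """Return [(TYPE, value), ...] in written order, normalized for comparison."""
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip():
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        # Upper-case the type; trim, collapse spaces and case-fold the value.
        pairs.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return pairs

def compare_dn(form_dn, gateway_dn):
    """Classify how the DN on the request form relates to the gateway entry."""
    if form_dn == gateway_dn:
        return "identical"
    a, b = parse_dn(form_dn), parse_dn(gateway_dn)
    if a == b:
        return "same after normalization"
    if a == b[::-1]:
        return "same attributes, reversed order"
    if sorted(a) == sorted(b):
        return "same attributes, different order"
    diff = sorted(set(a) ^ set(b))
    return "different: " + ", ".join(f"{t}={v}" for t, v in diff)

if __name__ == "__main__":
    form = "CN=w2k-client01, OU=Remote Access, O=Example Corp, C=US"
    print(compare_dn(form, "c=us;o=example corp;ou=Remote  Access;cn=W2K-CLIENT01"))
```

Any result other than "identical" is worth resolving by retyping the gateway entry exactly as the certificate shows the subject.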
To install the CA server certificate for the Windows 2000 PC:
- If the gateway's certificate was issued by a different CA, that server's certificate should also be installed. For the Microsoft CA, go back to the home page and select Retrieve the CA certificate or certificate revocation list.
- Click Install this CA certification path. This installs the CA certificate as a trusted CA, which can be seen in mmc under Trusted Root Certificates > Certificates.
To set up the dial-up networking entry to use L2TP over IPSec:
- Click on My Computer and click on Network and Dial-up Connections. Click on Make New Connection.
- Choose Connect to a private network through the Internet for the network connection type.
- Enter the interface address of the gateway server.
- Edit the properties of this new connection and select the Networking tab. Change the Type of VPN server to L2TP.
- Connect to the gateway using the L2TP user ID and password entered on the gateway. The certificate installed previously is automatically used to set up the IPSec transport connection.
Configuring Tunneling Protocols and Advanced WAN Settings for the Contivity Secure IP Services Gateway