L2TP/IPSec Registry Settings (Compact 2013)
3/26/2014
You can use the registry to configure some of the IP Security Protocol (IPSec) parameters used by Layer Two Tunneling Protocol (L2TP).
To configure the encryption options for IPSec, set the value of type REG_DWORD for the HKEY_LOCAL_MACHINE\Comm\L2TP1\Parms\IpSecEncryption key. The following table shows the possible values of this key.
Value |
Description |
|---|---|
1 |
Request no encryption. A NULL-encryption Encapsulating Security Payloads (ESP) is negotiated. |
2 |
Request encryption, but a connection will be established without encryption. |
3 |
Require high or low-strength encryption. This is the default setting. |
4 |
Require low-strength encryption. 3DES and DH 2048 are both disabled. |
5 |
Require maximum-strength encryption. DES and DH 768 are both disabled. |
If this registry value is not set, the default is 3. This is appropriate for most connections.
Note
You should only disable IPSec for troubleshooting purposes. Setting the UseIpSec key to 0 requires corresponding settings on the server.