Using IPSec with pre-shared keys


Windows XP can be configured to use IPSec with pre-shared keys. This guide explains how it can be impremented at no cost.



You should have a basic knowledge of Windows and using the command prompt.

Windows XP Special Pack 2 should be installed.

Installing ipseccmd.exe

Download the Windows Support Tools for SP2 from the Microsoft website and install it. A command line tool, namely ipseccmd.exe, is included and it can be used to set up VPN tunnels using IPSec.


Download the ipseces.msc MMC snap-in and double-click on it to add IPSec Policy Management functionality.


In the example below, we will set up a VPN tunnel using ESP, 3DES and SHA. is the IP address of our computer. is the subnet of the remote LAN. is the IP address of the VPN gateway.
Our password is the word secret.

Type in the following three commands to set up the VPN tunnel:

  • ipseccmd -u
  • ipseccmd -f 0= -n ESP[3DES,SHA] -t -a P:"secret" -1s 3DES-SHA-2 -r vpn
  • ipseccmd -f -n ESP[3DES,SHA] -t -a P:"secret" -1s 3DES-SHA-2 -r vpn

The VPN tunnel is established when we access the subnet range. We can, for example, ping to bring up the VPN tunnel.


If you have any comments, you can contact the author here.