IPSec in Windows XP Home Edition
Because a computer running Windows XP Home Edition cannot be a member of an Active Directory domain and does not include support for the Kerberos V5 protocol, it has the following limitations:
| • | It cannot receive domain-based IPSec policy and participate in an Active Directory managed security environment. A computer running Windows XP Home Edition can only use IPSec policy that is configured on the local computer. |
| • | It cannot use the Kerberos V5 protocol to authenticate secure communications. While this authentication option is available for selection in the IP Security Policies snap-in and is the authentication method selected for default IPSec policies, any attempt by a computer running Windows XP Home Edition to negotiate the Kerberos V5 protocol will result in a negotiation failure. A computer running Windows XP Home Edition can use certificates and preshared key as authentication methods. |
| • | It cannot administer Active Directory-based IPSec policies with the IP Security Policies snap-in. |
IPSec is included so that a computer running Windows XP Home Edition can:
| • | Create remote access Layer Two Tunneling Protocol (L2TP) connections using IPSec to a Windows 2000 VPN server or any other VPN server that supports L2TP/IPSec. No customized or manual configuration of IPSec policy is required for L2TP/IPSec connections. |
| • | Secure specific types of traffic, provide port filtering, or make IPSec tunnel connections. This requires the custom configuration of local IPSec policy and is intended for network administrators and advanced users. |
