Enabling the IPsec certificate authentication mechanism on a Windows client

You must enable the IPsec certificate authentication mechanism on a Windows client before you can use IPsec.

Steps

1. Start the Microsoft Management Console (MMC). From the Start menu, choose Run. Then enter mmc.
2. If you have not done so already, add the IP Security Policies on Local Computer snap-in to the MMC.

   From the File menu, choose Add/Remove Snap-in. Then click Add, then select IP Security Policy Management, and click Add. Finally, select Local computer and click Finish.

3. Right-click on IP Security Policies on Local Computer, and then choose Create IP Security Policy.
4. Use the IP Security Policy wizard to create an IPsec policy.
5. In the MMC console, right-click on your new IPsec policy, which is in the IP Security Policies on Local Computer store, and then choose Properties.
6. Choose Add.
7. Use the Security Rule wizard to create a security rule.
8. For the authentication method, select Use a certificate from this certificate authority (CA), choose Browse, and then choose the certificate that you installed previously.