You must enable the IPsec certificate authentication mechanism on a Windows client before you can use IPsec.
Steps
- Start the Microsoft Management Console (MMC).
From the Start menu, choose Run. Then enter mmc.
- If you have not done so already, add the IP Security Policies on
Local Computer snap-in to the MMC.
From the File menu, choose Add/Remove Snap-in. Then click Add,
then select IP Security Policy Management, and click Add. Finally, select
Local computer and click Finish.
- Right-click on IP Security Policies on Local Computer, and then
choose Create IP Security Policy.
- Use the IP Security Policy wizard to create an IPsec policy.
- In the MMC console, right-click on your new IPsec policy, which is
in the IP Security Policies on Local Computer store, and then
choose Properties.
- Choose Add.
- Use the Security Rule wizard to create a security rule.
- For the authentication method, select Use a certificate from this
certificate authority (CA), choose Browse, and then choose the
certificate that you installed previously.