Windows Vista - http://www.vistaarticles.com
Configure Verification of Additional Fields
http://www.vistaarticles.com/articles/200/1/Configure-Verification-of-Additional-Fields
By 
Published on 12/9/2006
 
How to configure verification of additional fields in peer certificates during IKE negotiation for L2TP IPsec tunnel connections in Windows Vista

Configure Verification of Additional Fields

Method 1: Use the rasapi32 RASENTRY structure
A new flag that is named RASEO2_DisableIKENameEkuCheck has been added to the dwfOptions2 member of the RASENTRY structure. If this flag is set to 1, additional checks that occur during IKE validation are not performed. A software developer can create a virtual private network (VPN) dialer that uses this flag to disable additional checks.

Method 2: Use the Connection Manager Administration Kit
When you use the Connection Manager Administration Kit (CMAK) Wizard to create a Connection Manager VPN dialer profile, additional checks that occur during IKE validation can be disabled. A new key that is named DisableIKENameEkuCheck is added when you use the CMAK Wizard's Advance Customization option to create a profile. This key is added in the "[Networking&TunnelDUN]" section of the .cms file. If the value of the key is set to 1, additional checks for the profile are disabled.

Method 3: Use the Network Connections window
When you use the Set Up A Connection Or Network Wizard in Windows Vista to create a VPN dialer, you can use the Properties dialog box for the dialer to disable additional checks. To do this, use the Verify name and usage attributes of the serverís certificate check box. To locate this check box, follow these steps: 1. Click Start , and then click Connect to.
2. Right-click the VPN connection, and then click Properties.
3. Click the Networking tab, and then click IPsec Settings.
4. Click User certificate for authentication. The Verify name and usage attributes of the serverís certificate check box is now available.
When you change this setting, the DisableIKENameEKUCheck key in the Rasphone.pbk file is changed. When you disable additional checks, the value of the key is set to 1. When you enable additional checks, the value of the key is set to 0.