Re: Setting up VPN over IPsec Win2k/Win2k Server

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/07/05


Date: Thu, 7 Apr 2005 13:10:13 -0500

There are several documents. Keep in mind that the VPN server and VPN client
both need their own computer certificates with a private key and they need
to trust the CA that issued the certificates. In other words if you are
using the same CA, when you open the mmc certificates snapin for computer
and look in the trusted root CA folder you need to see the CA certificate in
that folder. If not there you can import it into that folder after you
export it from the CA computer. Verify that each computer has a computer
certificate with a private key in its personal folder. The first page of
the certificate properties will display if there is a private key or not for
the certificate.

Also for Windows 2000 as a VPN server, l2tp will NOT work if there is a NAT
device in the path between the VPN client and the VPN server even if the
NAT-T update has been installed on both computers as it is a client update
only. The links below may help. Note you do not set up a VPN over ipsec,
but you use l2tp that uses ipsec to encrypt the l2tp traffic and you do not
need to configure any ipsec policy as that is done automatically. The
biggest problems for l2tp are NAT devices, missing or wrong certificates,
untrusted certificates, or firewall not being configured to allow l2tp
traffic to the VPN server. --- Steve

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B259335
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B265112
http://support.microsoft.com/kb/308208/

"Brian E" <Brian E@discussions.microsoft.com> wrote in message
news:3B254A78-F2B3-42E5-9A8F-FBCAD8E4F6AD@microsoft.com...
> I have been trying relentlessly to set up a VPN server/client setup between
> two win2k computers without any success.
>
> I've tried installing certificate services, I've tried all the advanced
> internet settings within the VPN connection window, I've tried creating new
> certificates, I've tried copying the certificates from PC to PC and it just
> doesn't want to work.
>
> I've googled and googled but to no avail. Is there a site or document that
> gives the step by step instructions on how to set up a vpn over ipsec?
>
> Thanks for the help


