Re: Setting up VPN over IPsec Win2k/Win2k Server

From: Brian E (BrianE_at_discussions.microsoft.com)
Date: 04/07/05


Date: Thu, 7 Apr 2005 11:35:02 -0700

Thank you Steve. Luckily I'm doing this in a test environment, so I'll just
re-image the machines and start from scratch. Again, thank you.

"Steven L Umbach" wrote:

> There are several documents. Keep in mind that the VPN server and VPN client
> both need there own computer certificates with a private key and they need
> to trust the CA that issued the certificates. In other words if you are
> using the same CA, when you open the mmc certificates snapin for computer
> and look in the trusted root CA folder you need to see the CA certificate in
> that folder. If not there you can import it into that folder after you
> export it from the CA computer. Verify that each computer has a computer
> certificate with a private key in it's personal folder. The first page of
> the certificate properties will display if there is a private key or not for
> the certificate.
>
> Also for Windows 2000 as a VPN server, l2tp will NOT work if there is a NAT
> device in the path between the VPN client and the VPN server even if the
> NAT-T update has been installed on both computers as it is a client update
> only. The links below may help. Note you do not set up a VPN over ipsec,
> but you use l2tp that uses ipsec to encrypt the l2tp traffic and you do not
> need to configure any ipsec policy as that is done automatically. The
> biggest problems for l2tp are NAT devices, missing or wrong certicates,
> untrusted certificates, or firewall not being configured to allow l2tp
> traffic to the VPN server. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B259335
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B265112
> http://support.microsoft.com/kb/308208/
>
>
>
> "Brian E" <Brian E@discussions.microsoft.com> wrote in message
> news:3B254A78-F2B3-42E5-9A8F-FBCAD8E4F6AD@microsoft.com...
> >I have been trying relentlessly to setup a VPN server/client setup between
> > two win2k computers without any success.
> >
> > Ive tried installing certificate services, I've tried all the advanced
> > internet settings within the VPN connection window, I've tried creating
> > new
> > certificates, I've tried copying the certificates from PC to PC and it
> > just
> > doesnt want to work.
> >
> > I've googled and googled but to no avail. Is there a site or document that
> > gives the step by step instructions on how to setup a vpn over ipsec?
> >
> > Thanks for the help
>
>
>



Relevant Pages

  • Re: Secure VPN access
    ... with it's security option for the client. ... After getting the VPN connection I check the Ip settings and found the ... point to the head ISP's DNS server. ... > Computer certificates for L2TP/IPSec VPN connections ...
    (microsoft.public.windows.server.sbs)
  • Re: VPN Problem, PC not Authenticating with Server
    ... do you mean you have configured L2TP/IPSec VPN ... is the VPN server, SBS or router? ... 818043 L2TP/IPsec NAT-T update for Windows XP and Windows 2000 ... Computer certificates for L2TP/IPSec VPN connections ...
    (microsoft.public.windows.server.sbs)
  • Re: IAS / RRAS
    ... Install Certificate services ... Configure the VPN connectoid and set it for l2tp connections? ... So you may want to try to do without the IAS server until problems ... > are resolved to rule it out as a problem.As far as certificates, ...
    (microsoft.public.windows.server.networking)
  • RE: vpn woes
    ... Being relatively new to the world of VPN and knowing how scary it can be to ... are out there to have some sort of secondary method of authentication that ... isn't easily duplicated by a hacker... ... issue any certificates if I need to. ...
    (Focus-Microsoft)
  • vpn woes
    ... Being relatively new to the world of VPN and knowing how scary it can be to ... are out there to have some sort of secondary method of authentication that ... isn't easily duplicated by a hacker... ... issue any certificates if I need to. ...
    (Focus-Microsoft)