Re: Setting up VPN over IPsec Win2k/Win2k Server
From: Brian E (BrianE_at_discussions.microsoft.com)
Date: Thu, 7 Apr 2005 11:35:02 -0700
Thank you Steve. Luckily I'm doing this in a test environment, so I'll just
re-image the machines and start from scratch. Again, thank you.
"Steven L Umbach" wrote:
> There are several documents. Keep in mind that the VPN server and VPN client
> both need their own computer certificates with a private key and they need
> to trust the CA that issued the certificates. In other words if you are
> using the same CA, when you open the mmc certificates snapin for computer
> and look in the trusted root CA folder you need to see the CA certificate in
> that folder. If not there you can import it into that folder after you
> export it from the CA computer. Verify that each computer has a computer
> certificate with a private key in its personal folder. The first page of
> the certificate properties will display if there is a private key or not for
> the certificate.
> Also for Windows 2000 as a VPN server, l2tp will NOT work if there is a NAT
> device in the path between the VPN client and the VPN server even if the
> NAT-T update has been installed on both computers as it is a client update
> only. The links below may help. Note you do not set up a VPN over ipsec,
> but you use l2tp that uses ipsec to encrypt the l2tp traffic and you do not
> need to configure any ipsec policy as that is done automatically. The
> biggest problems for l2tp are NAT devices, missing or wrong certificates,
> untrusted certificates, or firewall not being configured to allow l2tp
> traffic to the VPN server. --- Steve
> "Brian E" <Brian E@discussions.microsoft.com> wrote in message
> > I have been trying relentlessly to set up a VPN server/client setup between
> > two win2k computers without any success.
> > I've tried installing certificate services, I've tried all the advanced
> > internet settings within the VPN connection window, I've tried creating new
> > certificates, I've tried copying the certificates from PC to PC and it just
> > doesn't want to work.
> > I've googled and googled but to no avail. Is there a site or document that
> > gives the step by step instructions on how to set up a vpn over ipsec?
> > Thanks for the help
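
The certificate checks described in the reply above (a computer certificate with a private key in the Personal folder, and the issuing CA present in the Trusted Root folder) can be scripted. This is an added example, not part of the original thread; it assumes a later Windows version with PowerShell 3.0 or newer, which Windows 2000 does not include.

```powershell
# Added example (not from the thread).
# For each certificate in the computer's Personal store, report whether it has
# a private key, is within its validity period, and chains to a root that is
# present in the computer's Trusted Root Certification Authorities store.

$rootThumbprints = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Thumbprint })
$now = Get-Date

$results = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the check also works on an isolated test network.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainBuilt = $chain.Build($cert)

    # Top of whatever chain could be built; for a complete chain this is the root CA.
    $top = $null
    if ($chain.ChainElements.Count -gt 0) {
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }
    $rootTrusted = ($null -ne $top) -and ($top.Subject -eq $top.Issuer) -and
                   ($rootThumbprints -contains $top.Thumbprint)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        ChainValid    = $chainBuilt
        RootInStore   = $rootTrusted
    }
}

$results | Format-Table -AutoSize

# Certificates that would fail the checks described in the reply above.
$problems = @($results | Where-Object {
    -not ($_.HasPrivateKey -and $_.InValidity -and $_.ChainValid -and $_.RootInStore)
})
if ($problems.Count -eq 0 -and @($results).Count -gt 0) {
    'All computer certificates have a private key and chain to a trusted root.'
} else {
    "Certificates needing attention (or none installed): $($problems.Count)"
}
```

Run it on both the VPN server and the VPN client, since each side needs its own certificate and must trust the issuing CA.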