Re: Setting up VPN over IPsec Win2k/Win2k Server

From: Brian E (BrianE_at_discussions.microsoft.com)
Date: 04/07/05


Date: Thu, 7 Apr 2005 11:35:02 -0700

Thank you Steve. Luckily I'm doing this in a test environment, so I'll just
re-image the machines and start from scratch. Again, thank you.

"Steven L Umbach" wrote:

> There are several documents. Keep in mind that the VPN server and VPN client
> both need there own computer certificates with a private key and they need
> to trust the CA that issued the certificates. In other words if you are
> using the same CA, when you open the mmc certificates snapin for computer
> and look in the trusted root CA folder you need to see the CA certificate in
> that folder. If not there you can import it into that folder after you
> export it from the CA computer. Verify that each computer has a computer
> certificate with a private key in it's personal folder. The first page of
> the certificate properties will display if there is a private key or not for
> the certificate.
>
> Also for Windows 2000 as a VPN server, l2tp will NOT work if there is a NAT
> device in the path between the VPN client and the VPN server even if the
> NAT-T update has been installed on both computers as it is a client update
> only. The links below may help. Note you do not set up a VPN over ipsec,
> but you use l2tp that uses ipsec to encrypt the l2tp traffic and you do not
> need to configure any ipsec policy as that is done automatically. The
> biggest problems for l2tp are NAT devices, missing or wrong certicates,
> untrusted certificates, or firewall not being configured to allow l2tp
> traffic to the VPN server. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B259335
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B265112
> http://support.microsoft.com/kb/308208/
>
>
>
> "Brian E" <Brian E@discussions.microsoft.com> wrote in message
> news:3B254A78-F2B3-42E5-9A8F-FBCAD8E4F6AD@microsoft.com...
> >I have been trying relentlessly to setup a VPN server/client setup between
> > two win2k computers without any success.
> >
> > Ive tried installing certificate services, I've tried all the advanced
> > internet settings within the VPN connection window, I've tried creating
> > new
> > certificates, I've tried copying the certificates from PC to PC and it
> > just
> > doesnt want to work.
> >
> > I've googled and googled but to no avail. Is there a site or document that
> > gives the step by step instructions on how to setup a vpn over ipsec?
> >
> > Thanks for the help
>
>
>