ipsec w/certificates
From: dan (anonymous_at_discussions.microsoft.com)
Date: 06/08/04
- Next message: Chris Hayes: "Consolidated Logging - Win2K/3 Servers & Network Intelligence"
- Previous message: Chris Hayes: "Windows 2003 Enterprise CA & Restored State"
- Next in thread: Steven L Umbach: "Re: ipsec w/certificates"
- Reply: Steven L Umbach: "Re: ipsec w/certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Jun 2004 09:16:03 -0700
What I'm trying to do: Create an IPSEC trust in transport mode, using certificates as the mode of authentication. I'm attempting to do this on a LAN between two hosts. NAT is not an issue.
What I've done:
- Successfully created the trust using a preshared secret (password) just to make sure that IPSEC was working. (note: this was just a test step, I am going to disable the preshared pw because I want to use certs)
- Used openssl to generate a CA (I used the canned CA.sh script)
- Generated certificates for the two hosts.
- Imported the CA certificate to each host.
- Imported the respective cert to each host.
- Changed the authentication mode to certificates.
- Assigned the ipsec policies.
when I ping, it shows that the nodes are negotiating but never connect (this was working in pw mode). Nor can I use any of the services between the host (http, ftp, etc. -- also working in pw moded).
What could I be forgetting/missing? Also, I can't seem to locate any obvious errors in the event logs --- is there another place I can look for info?
Thanks,
Dan
- Next message: Chris Hayes: "Consolidated Logging - Win2K/3 Servers & Network Intelligence"
- Previous message: Chris Hayes: "Windows 2003 Enterprise CA & Restored State"
- Next in thread: Steven L Umbach: "Re: ipsec w/certificates"
- Reply: Steven L Umbach: "Re: ipsec w/certificates"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
