Re: IPSEC\L2TP issue

From: Kati (anonymous_at_discussions.microsoft.com)
Date: 08/04/04


Date: Wed, 4 Aug 2004 12:43:55 -0700

Thanx Mike!! - I'll check the error and re-post.
>-----Original Message-----
>Hi Kati,
>
>If you double click the certificate what does it say
under Certificate
>Information? Does client PC (at home) trust this
certificate? Did you
>install RootCA public certificate so that client would
trust this
>certificate? In domain you don't have to do this if you
have Enterprise
>CA...
>
>What is the error that you get if client tries to
connect?
>
>Mike
>
>
>"Kati" <anonymous@discussions.microsoft.com> wrote in
message
>news:c40501c47a44$1e5331b0$a301280a@phx.gbl...
>> If a fully AD-controlled computer inside the network
gets
>> a certificate, it can connect using IPSEC/L2TP just
fine,
>> but there seems to be no way to give a certificate to
an
>> uncontrolled computer (e.g., one owned by an otherwise
>> authenticated user at his home) that would allow a
>> connection.
>>
>> So far I have found no way to produce a certificate for
>> such a user that would be honored by the RAS server.
>>
>
>
>.
>



Relevant Pages

  • Re: Checkpoint smart defance as IPS
    ... *any* SSL/TLS communication without tampering anything on the client ... website a client visits on-the-fly. ... don't have private key for the certificate on that website. ...
    (Security-Basics)
  • Re: Enabling guest wi-fi access w/ IAS & Cisco APs ... ?
    ... > client insisting that they could not connect because a valid ... > certificate could not be found. ... meaning that tha client computer attempts to authenticate the IAS server. ... because it does not trust the CA that issued the IAS server cert. ...
    (microsoft.public.internet.radius)
  • Re: Checkpoint smart defance as IPS
    ... *any* SSL/TLS communication without tampering anything on the client ... website a client visits on-the-fly. ... don't have private key for the certificate on that website. ...
    (Security-Basics)
  • Re: Cannot request computer certificate.
    ... >problem since you can not request a certificate while logged onto the CA. ... Verify that you can ping it by name and IP address from the client ... >> Kerberos, or dns. ... >> List of NetBt transports currently bound to the Redir ...
    (microsoft.public.windows.server.security)
  • Re: The message must contain a wsa:To header
    ... My client app is not generating a trace file. ... the client is not applying the WSE policy at all because of an ... at ApplicationMessagingWS.Dispatch(String messageType, String ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)