Re: Creating IPSec Policy for Pre-Share Key in VPN not working.

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/25/05

    Date: Tue, 25 Oct 2005 13:32:47 -0500
    
    

    You need to configure the pre-shared key in the Remote Access Management
    console in the properties of the server in the security page - allow custom
    ipsec policy for l2tp. However this will only work for XP Pro/W2003
    computers if using the built-in VPN client for l2tp where the PSK is
    configured in the connectoid properties in the security page - ipsec
    settings. For Windows 2000 and Windows 98 computers you will need to use
    pptp or use l2tp with certificates in which case all your operating systems
    would work. Windows 2003 Server can easily become a Certificate Authority
    to issue computer certificates that are needed for both the client and VPN
    server for l2tp. Without a computer certificate a computer could not access
    your VPN server [assuming pre-shared is disabled on the VPN server] if it
    was the only VPN method accepted which you can configure in Remote Access
    Policy. L2tp is very secure since it requires both user and computer
    authentication to access your VPN server. The link below has articles on
    VPN that may help.

    -- Steve

    http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx

    "Pr3z" <jboysen@gmail.com> wrote in message
    news:1130249201.596201.35050@z14g2000cwz.googlegroups.com...
    > Well the VPN works as long as I disable it to negotiate security on the
    > new policy. You still have to have a user/pass to get into the VPN and
    > it works fine. The firewall is open on the ports it needs to be to
    > allow traffic to the server for the VPN. A third-party handles the
    > firewall right now which is about to change.
    >
    > We are mainly setting up the VPN so users can map the network drives
    > from home and access the files on it and that's all. We have a couple 98
    > machines that need to connect so using the pre-share key would be nice.
    >
    > We are not using NAT right now. Every machine has a static IP here
    > which is about to change as a cisco pix is route.
    >
    > I guess I am lost, I'm just needing to add a pre-share key so when a
    > user tries to remote access the server it requires the pre-share key or
    > it locks them out, and I cannot find any Server 2003 help or how-to on
    > this.
    >

