











Ngittins
L2tp
Hello,
I'm currently configuring L2TP on my home 2000 test network. PPTP is easy, but L2TP isn't.
I have:
1 Win2000 Server running CA - Root Standalone CA.
1 Win2000 Server running RRAS, configured with VPN.
2 WinPro Clients.
I've configured and installed Server certificate on the RRAS.
I've configured and installed Client certificates on the client computers.
For the certificates:
I enabled Key Exchange, size 1024, SHA-1, basically just used the defaults.
Set the RRAS ports to use L2TP. Now the VPN server works fine with PPTP, but not with L2TP.
I create the VPN client, set the client up to use L2TP, connect to the VPN server and I receive a message stating that L2TP couldn't establish a connection because there wasn't a certificate to create a secure tunnel.
When you establish a connection via L2TP, the client is meant to use IPSEC by default, without configuration, is this correct? Either way, if I set up IPSEC, I still can't get this thing to work.
Go figure, so I was wondering, have you had much luck with MS L2TP?
Cheers
Nathan
thanks
Nathan
07-25-03 01:26 PM
jeff_j_black
07-25-03 03:32 PM
jeff_j_black
From the Win2k Deployment Guide:
quote: Automatic enrollment does not function unless at least one enterprise CA is online to process certificate requests.
----------
Remote access (dial-up or virtual private network) communications. (For virtual private networks using IPSec with L2TP, remember to set up Group Policy to permit autoenrollment for IPSec computer certificates. For detailed information about computer certificates for L2TP over IPSec VPN connections, see Windows 2000 Help.)
----------
You can specify automatic enrollment and renewal for computer certificates. When automatic enrollment is configured, the specified certificate types are issued to all computers within the scope of the public key Group Policy. Computer certificates issued by automatic enrollment are renewed from the issuing CA. Automatic enrollment does not function unless at least one enterprise CA is online to process certificate requests.
For virtual private networks (VPNs) using IPSec with L2TP, remember to set up Group Policy to permit automatic enrollment for IPSec certificates. In Table 12.2, any Rivest-Shamir-Adleman (RSA)-signed certificate issued to a computer that is stored in the computer account can be used for IPSec. For more information about certificates for L2TP over IPSec VPN connections, see Windows 2000 Server Help.
----------
Certificates are issued for computers within the scope of the Automatic Certificate Request settings of the domain's Group Policy. Administrators can also manually request certificates for local computers with the Certificate Request wizard or the Microsoft Certificate Services Web pages. Consider scheduling manual enrollment in stages to help distribute the administrative workload for computer enrollment.
----------
In some cases, Windows 2000 network security technologies are dependent on other Windows 2000 security technologies. For example, the virtual private networking Layer Two Tunneling Protocol (L2TP) uses IPSec to provide security from the remote client to the VPN server. The IPSec security negotiation requires certificates to authorize the connection. Therefore, a certification server is required with the appropriate configuration. Typically, a Windows 2000 certificate server is joined to a domain. The domain specifies Group Policy with public key infrastructure (PKI) settings for computers to auto-enroll in this certificate authority to get a computer certificate for IPSec. L2TP creates the necessary IPSec policy to ensure the L2TP traffic is secure. However, administrators might want to also secure other traffic between all servers and clients. This requires the configuration of IPSec on each client and server. Because IPSec is configured using a policy, after you create the policy in Active Directory™, you can apply it to all computers on a group or domain basis. You can deploy certificates and IPSec policy to all domain computers by centralized administration using Group Policy in Active Directory.
----------
07-25-03 03:50 PM
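An added example, not part of either post or of the Deployment Guide: a PowerShell audit of the conditions the quoted passages name for an L2TP/IPSec certificate (RSA-signed, issued to the computer, stored in the computer account). It assumes a Windows version with PowerShell and the `Cert:` drive; the function name `Test-IPsecMachineCertificate` is hypothetical, and the private-key, validity and chain-trust checks (with revocation checking disabled) are added assumptions about what a usable machine certificate needs.

```powershell
# Added example: list certificates in the computer store and flag anything that
# would keep them from being used for L2TP/IPSec machine authentication.
# Run from an elevated prompt on the VPN client and on the RRAS server.
function Test-IPsecMachineCertificate {
    [CmdletBinding()]
    param(
        # The computer account store is what IPSec reads. Pass
        # 'Cert:\CurrentUser\My' to spot certificates enrolled into the
        # user store by mistake.
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )

    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $problems = @()

        if (-not $cert.HasPrivateKey) {
            $problems += 'no private key on this machine'
        }
        if ($cert.SignatureAlgorithm.FriendlyName -notmatch 'RSA') {
            $problems += "not RSA-signed ($($cert.SignatureAlgorithm.FriendlyName))"
        }
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += 'outside validity period'
        }

        # Build the chain in machine context, so only roots trusted by the
        # computer (not the logged-on user) count. Revocation is skipped
        # because a standalone test CA's CRL location may be unreachable.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        if (-not $chain.Build($cert)) {
            $problems += $chain.ChainStatus | ForEach-Object { "chain: $($_.Status)" }
        }

        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = $problems -join '; '
        }
    }
}

Test-IPsecMachineCertificate | Format-List
```

An empty result for `Cert:\LocalMachine\My` means the computer has no certificate in its own store; a `chain: UntrustedRoot` entry means the issuing CA's root certificate is not in the computer's trusted root store.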