L2TP/IPsec on RRAS

Archived from groups: microsoft.public.win2000.setup,microsoft.public.windows.server.general,microsoft.public.windows.server.setup

Hello

In our organization we installed an RRAS VPN server (on Windows 2003).
We want to use L2TP/IPsec, so I enabled the option 'allow custom IPsec policy
for L2TP connection' and entered a pre-shared key.

Is it possible to use an L2TP/IPsec connection without a pre-shared key, based
only on certificates?
Can anyone please explain to me what the procedure is to configure the RRAS server
to accept connections only from clients that have certificates (we have a CA
already installed in our local domain)?
Any guides or answers will be welcome.

Best regards
Miha
 

As this is a common problem that firewall admins also have, I believe the
topic has been discussed in regard to ISA Server on www.isaserver.org.
I haven't read more than the title of this article, but it seems relevant at
least:

Configuring Windows Server 2003-based ISA Server Firewall/VPN Server to
accept inbound nat-t L2TP/IPSec calls
http://www.isaserver.org/tutorials/natt2003.html

// Henrik


 

Thanks, but this is all related to ISA Server.
We want to establish an L2TP/IPsec VPN with certificates on a Win2003 server
behind a Linux firewall.
I configured the FW to pass through L2TP/IPsec traffic; now we need to
implement certificates for clients who want to connect to the RRAS
VPN, so that RRAS will only accept connections from clients that have
certificates installed.
Any ideas how?

Regards
Miha

 

Sorry, can't help you there.

Since we sometimes work out in the field, and then often don't have our
computers but use the customers' computers, we can't use L2TP, as we
can't install certificates on their computers so that we can VPN into our
offices if we need to. So we only use PPTP.

// Henrik

 

Thanks.
Regards
Miha
