Re: VPNing with L2TP/IPSec
From: J.C. Hornbeck [MSFT] (jchornbe_at_online.microsoft.com)
Date: 03/30/04
- Previous message: Nick Ivanov: "Re: VPNing with L2TP/IPSec"
- In reply to: Nick Ivanov: "Re: VPNing with L2TP/IPSec"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 30 Mar 2004 14:26:47 -0600
Technically the RRAS doesn't need a server authentication certificate, it
needs a client authentication certificate. That doesn't mean that the
presence of a server authentication certificate will cause a connection
failure even though a client authentication certificate exists.
-- J.C. Hornbeck, MCSE Microsoft Product Support NOTE: Please reply to the newsgroup and not directly to me. This allows others to add to and benefit from these threads and also helps to ensure a more timely response. Thank you! This posting is provided "AS IS" without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability or fitness for a particular purpose. You can have a server "Nick Ivanov" <dont@even.try.it> wrote in message news:4069d548$0$11588$636a15ce@news.free.fr... > > I see you are saying you need a "client authentication" certificate on both > RRAS and VPN client. But which one should not have a "server > authentication" certificate? I have a machine certificate on the server. Is > this not right? > > > "J.C. Hornbeck [MSFT]" <jchornbe@online.microsoft.com> wrote in message > news:ud1jJcaFEHA.3372@TK2MSFTNGP10.phx.gbl... > > For an L2TP connection you actually need a client authentication > certificate > > on both the RRAS and the VPN client. If you install a server > authentication > > certificate then you'll get this error. It's kind of counter intuitive > but > > that's how it works. > > > > -- > > J.C. Hornbeck, MCSE > > Microsoft Product Support > > > > NOTE: Please reply to the newsgroup and not directly to me. This allows > > others to add to and benefit from these threads and also helps to ensure a > > more timely response. Thank you! > > > > This posting is provided "AS IS" without warranty either expressed or > > implied, including, but not limited to, the implied warranties of > > merchantability or fitness for a particular purpose. > > > > > > "Nick Ivanov" <dont@even.try.it> wrote in message > > news:4064a57d$0$8940$636a15ce@news.free.fr... > > > > > > Hello all. > > > > > > I have a VPN server running Win 2K3 Enterprise Edition and a client > > running > > > Windows XP. > > > I am using PPTP at the moment but I would like to use L2TP/IPSec. I have > > > installed the > > > certificate service and created a machine and a client authentication > > > certificate. Then I > > > exported these to a floppy disk and imported them into the client, I do > > not > > > want to use > > > the "crtsrv" and IIS to create certificates for clients. I modified the > > > connection settings to > > > use EAP and made the appropriate changes. Now when I try to connect, > > > however, I get > > > a dialogue saying > > > > > > "Error 798: a certificate could not be found that can be used with this > > > Extensible Authentication Protocol" > > > > > > Do I have the certificates in the wrong place? Any other ideas? Is there > a > > > documented > > > example of how to do this somewhere? (I have some from Microsoft site). > Is > > > there a > > > way to get more detailed feedback of the authentication process which > may > > > give me > > > more clues as to what is going wrong? > > > > > > > > > > > > Thanks in advance > > > Nick > > > > > > > > > > > >
- Previous message: Nick Ivanov: "Re: VPNing with L2TP/IPSec"
- In reply to: Nick Ivanov: "Re: VPNing with L2TP/IPSec"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
