Re: RAS and etokens


From: stan (no_at_email.com)
Date: 03/28/04


Date: Sat, 27 Mar 2004 19:49:04 -0500

Running a SonicWall which was breaking the GRE packet. They have no
direction option to pass this packet but I worked with their tech support to
resolve the issue. Thanks for the followup. You're looking into my other
issue from another group "domains" related to this project.

Need to have users login to domain a which hosts the VPN server and access
drives etc in domain b (their home domain) without having to submit username
and password each time they map a drive etc. Have already setup 2way trust to
no avail. Isn't this the whole idea behind trusts?

"William Wang[MSFT]" <v-rxwang@online.microsoft.com> wrote in message
news:yjoFlv8EEHA.1988@cpmsftngxa06.phx.gbl...
> Hi Stan,
>
> I'm just checking to see if disabling the firewall made any difference. If
> you have any questions or concerns, please don't hesitate to let us know.
>
> Sincerely,
>
> William Wang
> Microsoft Online Support Engineer
>
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via
> your newsreader so that others may learn and benefit
> from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --------------------
> >X-Tomcat-ID: 405066828
> >References: <#IUQbi2DEHA.3748@TK2MSFTNGP11.phx.gbl>
> <oasr50pq8vv9jb73h253qbbvs72fl1u4v3@4ax.com>
> <#Tql9P4DEHA.3372@TK2MSFTNGP10.phx.gbl>
> <1CZT5DCEEHA.1196@cpmsftngxa06.phx.gbl>
> <#2cTAhHEEHA.2628@TK2MSFTNGP11.phx.gbl>
> >MIME-Version: 1.0
> >Content-Type: text/plain
> >Content-Transfer-Encoding: 7bit
> >From: v-rxwang@online.microsoft.com (William Wang[MSFT])
> >Organization: Microsoft
> >Date: Wed, 24 Mar 2004 13:51:32 GMT
> >Subject: Re: RAS and etokens
> >X-Tomcat-NG: microsoft.public.win2000.ras_routing
> >Message-ID: <EZbPqcaEEHA.1196@cpmsftngxa06.phx.gbl>
> >Newsgroups: microsoft.public.win2000.ras_routing
> >Lines: 145
> >Path: cpmsftngxa06.phx.gbl
> >Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.ras_routing:11458
> >NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
> >
> >Hi Stan,
> >
> >Thanks for your update. I'd like to disable the firewall on the clients and
> >servers temporarily to test the problem. Does it make any difference?
> >
> >Sincerely,
> >
> >William Wang
> >Microsoft Online Support Engineer
> >
> >Get Secure! - www.microsoft.com/security
> >=====================================================
> >When responding to posts, please "Reply to Group" via
> >your newsreader so that others may learn and benefit
> >from your issue.
> >=====================================================
> >
> >This posting is provided "AS IS" with no warranties, and confers no rights.
> >--------------------
> >>From: "stan" <no@email.com>
> >>References: <#IUQbi2DEHA.3748@TK2MSFTNGP11.phx.gbl>
> ><oasr50pq8vv9jb73h253qbbvs72fl1u4v3@4ax.com>
> ><#Tql9P4DEHA.3372@TK2MSFTNGP10.phx.gbl>
> ><1CZT5DCEEHA.1196@cpmsftngxa06.phx.gbl>
> >>Subject: Re: RAS and etokens
> >>Date: Mon, 22 Mar 2004 21:00:42 -0500
> >>Lines: 115
> >>X-Priority: 3
> >>X-MSMail-Priority: Normal
> >>X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> >>Message-ID: <#2cTAhHEEHA.2628@TK2MSFTNGP11.phx.gbl>
> >>Newsgroups: microsoft.public.win2000.ras_routing
> >>NNTP-Posting-Host: host-24-225-238-137.patmedia.net 24.225.238.137
> >>Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
> >>Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.ras_routing:11419
> >>X-Tomcat-NG: microsoft.public.win2000.ras_routing
> >>
> >>Actually I am still having issues. Using an etoken, I have cert server
> >>setup etc. enrollment station issuing smart card certs. I can apply for and
> >>receive certificates no problem
> >>
> >>I create a VPN connection and initially select do not use smart card.
> >>Configure username and password and then select properties...use my smart
> >>card. I can access my usb token containing my keys but the authentication
> >>times out at the verifying username and password. Only event log reads the
> >>authentication did not complete in a timely fashion or something to that
> >>effect.
> >>
> >>If I deselect smart card logon and go in straight with username and
> >>password, it connects and authenticates without issue. I'm stumped.
> >>
> >>
> >>"William Wang[MSFT]" <v-rxwang@online.microsoft.com> wrote in message
> >>news:1CZT5DCEEHA.1196@cpmsftngxa06.phx.gbl...
> >>> Hi Stan,
> >>>
> >>> Thanks for your posting and thanks for Peter's help. I'm writing to check
> >>> if Peter's suggestion helps. Please feel free to let us know if you
> >>> would like further assistance.
> >>>
> >>> Sincerely,
> >>>
> >>> William Wang
> >>> Microsoft Online Support Engineer
> >>>
> >>> Get Secure! - www.microsoft.com/security
> >>> =====================================================
> >>> When responding to posts, please "Reply to Group" via
> >>> your newsreader so that others may learn and benefit
> >>> from your issue.
> >>> =====================================================
> >>>
> >>> This posting is provided "AS IS" with no warranties, and confers no rights.
> >>> --------------------
> >>> >From: "stan" <no@email.com>
> >>> >References: <#IUQbi2DEHA.3748@TK2MSFTNGP11.phx.gbl>
> >>> <oasr50pq8vv9jb73h253qbbvs72fl1u4v3@4ax.com>
> >>> >Subject: Re: RAS and eTokens
> >>> >Date: Sun, 21 Mar 2004 15:52:05 -0500
> >>> >Lines: 50
> >>> >X-Priority: 3
> >>> >X-MSMail-Priority: Normal
> >>> >X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
> >>> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> >>> >Message-ID: <#Tql9P4DEHA.3372@TK2MSFTNGP10.phx.gbl>
> >>> >Newsgroups: microsoft.public.win2000.ras_routing
> >>> >NNTP-Posting-Host: host-24-225-238-137.patmedia.net 24.225.238.137
> >>> >Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> >>> >Xref: cpmsftngxa06.phx.gbl microsoft.public.win2000.ras_routing:11377
> >>> >X-Tomcat-NG: microsoft.public.win2000.ras_routing
> >>> >
> >>> >Thanks.....I had MSCHAP deselected. With our token you had to first setup
> >>> >your account without smartcard, set username and password and then select
> >>> >smartcard authentication.
> >>> >
> >>> >"Peter och Maria Rydqvist" <anonymous@telia.com> wrote in message
> >>> >news:oasr50pq8vv9jb73h253qbbvs72fl1u4v3@4ax.com...
> >>> >> On Sun, 21 Mar 2004 12:36:03 -0500, "stan" <no@email.com> wrote:
> >>> >>
> >>> >> >Hello All:
> >>> >> >
> >>> >> >Experiencing an issue trying to implement 2 factor authentication using
> >>> >> >etokens. Have the CA set up and the certificate end is fine. The problem
> >>> >> >arises trying to authenticate using the usb token. I can connect to the VPN
> >>> >> >server but it sits at the verifying username and password screen until it
> >>> >> >times out. Disabling the token login and I can vpn just fine.
> >>> >> >
> >>> >> >Did 2 separate packet captures -
> >>> >> >
> >>> >> >First with tokens enabled and I see LDAP packets being passed and then it
> >>> >> >times out
> >>> >> >Second without tokens and I don't see any LDAP packets and the connection is
> >>> >> >fine.
> >>> >> >
> >>> >> >Any thoughts on this would be appreciated.
> >>> >> >
> >>> >>
> >>> >> I use eTokens with my RAS (VPN/PPTP).
> >>> >>
> >>> >> The first thing you should check is the properties for the RAS server under
> >>> >> the tab Security.
> >>> >>
> >>> >> There you need to activate the authentication method "Extensible
> >>> >> authentication protocol (EAP)".
> >>> >>
> >>> >> Then, under your remote access policy you need to select the provider
> >>> >> "Smart Card or other certificate" under Authentication in the profile.
> >>> >>
> >>> >> If you haven't issued a certificate for the server, I think you will
> >>> >> be able to ask for one at this point (it's quite a while ago I did
> >>> >> this).
> >>> >>
> >>> >> Then you should be set. You will get a question at connect time if you
> >>> >> would like to accept the server certificate.
> >>> >>
> >>> >> /Peter
> >>> >
> >>> >
> >>> >
> >>>
> >>
> >>
> >>
> >
> >
>


