Re: L2TP/IPSEC - Please help - I'm losing it!!
From: Janani V[MSFT] (jananiv_at_online.microsoft.com)
Date: 10/31/04
Date: Sun, 31 Oct 2004 21:34:23 +0530
I think this is a problem with the firewall blocking the traffic. Ensure that
the following ports are open in the firewall.
UDP 500 - for IKE traffic
UDP 4500 - for IPSEC traffic
UDP 1701 - for L2TP traffic
--
Thanks,
Janani.
---------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

"CG" <cg@cg.com> wrote in message news:OYN2Na1vEHA.2540@TK2MSFTNGP09.phx.gbl...
> I am running the following:
> Windows 2000 IAS server for Radius authentication.
>
> Windows 2003 RRAS with PPTP and L2TP enabled. PPTP and L2TP with shared
> secrets work fine. However, I cannot get certificates working.
>
> My CA is on another Windows 2000 box. I have set up my client to have a
> client authentication certificate stored in the local store. I have verified
> that it is there. The Trusted Root CA is in the current user location
> within the MMC Certificates snap-in. This is where it automatically installed
> the Trusted Root CA on the RRAS and Client when I installed it from the
> http://myca/certsrv "Install this CA Certification path".
>
> The error I am receiving is: Error 678: There was no answer. I have also
> received the error "Timed Out" when I was using the Client Cert (on the
> client) and the Server Authentication Cert (on the RRAS server). I have now
> installed the IPSEC cert on each machine (RRAS and client) when I receive
> the Error 678.
>
> The firewall is enabled in the RRAS server. There is no firewall between the
> client and the Internet. I assume that the connection for L2TP/IPSEC with
> shared secrets uses the same ports as the L2TP/IPSEC with Certificates
> because the shared secrets connection works.
>
> I can't figure out what I am missing.
>
> Should the server have the Server Authentication cert only as well as the CA
> certification path? Or should it have the IPSEC cert with the CA
> certification path? Also, should the Trusted Root CA show up in the Local
> Computer store? If so, why doesn't this happen automatically (I know it's
> not a rights issue because I am admin on everything).
>
> Which cert should the client have? IPSEC or Client Authentication?
>
> When I install the cert on the server I always restart the ipsec policyagent
> then RRAS. Does anything on the client need to be restarted?
>
> Does a Cert have to reside on the IAS server?
>
> Many thanks for your help... I'm almost out of ideas!