Re: Has anyone got Win2K RRAS <-> XP Pre-Shared Keys to work through VPN?
From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/29/04
Date: Mon, 29 Nov 2004 05:29:34 GMT
I have not read of anyone being able to do such, and due to the fact that it
is not hard to set up a Certificate Authority to issue computer certificates
for the VPN server and client computers, it would be surprising if many have
actually tried. Since you have a W2K server, you could also make it a CA to
issue certificates, which would be much easier and more secure than creating
custom IPsec policies using preshared keys. The links below show the basics
of setting up a CA to issue IPsec certificates for L2TP. For a non-domain
you would need to install a standalone CA, as an Enterprise CA can only
exist in AD domains.
http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps.asp -- setup CA
http://www.microsoft.com/windows2000/techinfo/planning/security/cawebsteps.asp -- Web Enrollment
http://support.microsoft.com/kb/253498/EN-US/ -- how to install IPsec certificate.
Other considerations are that L2TP will not work if NAT is used in the VPN
connection, which is what most of the home and small business
"router/firewalls" use to provide internet access, and the proper ports must
be opened on firewalls in the path to the VPN server. An L2TP VPN server
requires traffic to be allowed for ports 500 and 1701 UDP and also to allow
ESP/protocol 50, often referred to as L2TP or IPsec passthrough. The router
on the client end would also need to be configured to allow L2TP/IPsec
passthrough. PPTP will work fine through NAT devices and can also be a very
secure VPN for most applications as long as MS-CHAPv2 user authentication is
used along with complex user passwords.
-- Steve
"Greg West" <westgj@yahoo.com> wrote in message
news:5bb67ae5.0411282028.7e66a489@posting.google.com...
> I am attempting to use IPSec/L2TP Pre-Shared Keys to authenticate
> between XP clients and a Windows 2000 RRAS server. Yes, I know
> Pre-Shared Keys are not directly supported by Microsoft.
>
> I have read article http://support.microsoft.com/kb/240262/EN-US but
> that talks about connecting 2 Win2K RRAS servers over a LAN. I have
> created a new security policy as per the article but since I am new to
> security I really don't know if I have configured it correctly. I set
> the key on the VPN connection to match what I configured in the new
> security policy.
>
> I also added the registry entry as described in the article to the
> Win2K RRAS server but it didn't help.
>
> Has anyone been able to get this to work? I would be very grateful
> for any help.
>
> Greg