Re: IAS / RRAS
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/17/05
- Next message: Pete Coe: "RE: IIS ADMIN Service Fails to start after applying Windows Security U"
- Previous message: Janani V: "Re: IAS / RRAS"
- Maybe in reply to: Janani V: "Re: IAS / RRAS"
- Next in thread: Jordan Samulaitis: "Re: IAS / RRAS"
- Reply: Jordan Samulaitis: "Re: IAS / RRAS"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 17 Jan 2005 01:22:30 -0600
What do you mean it can not see the domain - through a VPN connection or
otherwise??
You do not have to use IAS. It is convenient if you have multiple rras
servers in that you can configure Remote Access Policies on just the IAS
server. So you may want to try to do without the IAS server until problems
are resolved to rule it out as a problem.As far as certificates, you may
first want to test with preshared key assuming you have an XP VPN client.
When you install certificates, you need to install computer certificates on
both the VPN client and VPN server. If IAS will be used, then the IAS server
will need a computer certificate [or IAS/RAS certificate] or pre shared key
if used [recommended for testing ONLY]. Keep in mind that since L2TP uses
ipsec that it will not work over a NAT connection unless you have the NAT-T
client installed on the VPN client. Also any firewalls have to allow L2TP
traffic that uses different ports/protocols that pptp such as 1701 UDP, 500
UDP, and 4500 UDP [NAT-T]. Also protocol 50 for ESP needs to be allowed. The
link below also explains the new behavior for NAT-T in Windows XP Service
Pack 2 which may need a registry mod to get it to work. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;885407
"Jordan Samulaitis" <jordan@jvsDELETEnetworks.com> wrote in message
news:%23ffXDlF$EHA.2076@TK2MSFTNGP15.phx.gbl...
> Hello everyone,
>
> I am currently testing VPN connectivity.
>
> This is my current test lab.
>
> - 1 Windows server 2003 standard edition with 1 network card
> - Services - DNS/DHCP/IIS/RRAS/IAS all on the one server.
> - 1 Windows XP workstation with 1 network card
>
> What I did first was setup RRAS and DHCP Relay agent. created a VPNUser
> account, and successfully logged on via PPTP. All fine and dandy.
>
> When it came down to try L2TP, I knew I had to install IAS and certificate
> services in order for the server to give out certificates and to have a
> centralized logon, I authorized IAS into active directory and so on. what
> seems to happen is whenever I install IAS and start the service, when I
> reboot my workstation it does not see the server nor the domain, even when
> I
> try to ping the ip address it says timed out. Any reason for this? I know
> on the MS website in the VPN lab, they were using four servers, one for
> IIS,
> IAS, RRAS, DNS, DHCP.
>
> Is it because I have only one network card??? What could be my problems?
> Can I still setup L2TP connections without IAS ??
>
> Thanks in advance,
>
> Jordan
>
>
- Next message: Pete Coe: "RE: IIS ADMIN Service Fails to start after applying Windows Security U"
- Previous message: Janani V: "Re: IAS / RRAS"
- Maybe in reply to: Janani V: "Re: IAS / RRAS"
- Next in thread: Jordan Samulaitis: "Re: IAS / RRAS"
- Reply: Jordan Samulaitis: "Re: IAS / RRAS"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
