Re: IAS / RRAS
From: Jordan Samulaitis (jordan_at_jvsDELETEnetworks.com)
Date: 01/17/05
Date: Mon, 17 Jan 2005 14:47:38 -0600
I am assuming I have certificate services installed on my workstation, I've
been using this one for a while..
So you are basically saying
Enable Routing and Remote Access.
Configure a VPN through the wizard
Configure the DHCP Relay Agent
Install Certificate Services
go to http://server/certsrv on the workstation
and click auto enroll?
Configure the VPN connectoid and set it for L2TP connections?
If that is the case, I have done that and still was unsuccessful.
Regards,
Jordan
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%233aVvUG$EHA.3368@TK2MSFTNGP10.phx.gbl...
> What do you mean it can not see the domain - through a VPN connection or
> otherwise??
>
> You do not have to use IAS. It is convenient if you have multiple RRAS
> servers in that you can configure Remote Access Policies on just the IAS
> server. So you may want to try to do without the IAS server until problems
> are resolved to rule it out as a problem. As far as certificates, you may
> first want to test with preshared key assuming you have an XP VPN client.
> When you install certificates, you need to install computer certificates on
> both the VPN client and VPN server. If IAS will be used, then the IAS server
> will need a computer certificate [or IAS/RAS certificate] or pre shared key
> if used [recommended for testing ONLY]. Keep in mind that since L2TP uses
> IPsec that it will not work over a NAT connection unless you have the NAT-T
> client installed on the VPN client. Also any firewalls have to allow L2TP
> traffic that uses different ports/protocols than PPTP such as 1701 UDP, 500
> UDP, and 4500 UDP [NAT-T]. Also protocol 50 for ESP needs to be allowed. The
> link below also explains the new behavior for NAT-T in Windows XP Service
> Pack 2 which may need a registry mod to get it to work. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;885407
>
> "Jordan Samulaitis" <jordan@jvsDELETEnetworks.com> wrote in message
> news:%23ffXDlF$EHA.2076@TK2MSFTNGP15.phx.gbl...
> > Hello everyone,
> >
> > I am currently testing VPN connectivity.
> >
> > This is my current test lab.
> >
> > - 1 Windows Server 2003 Standard Edition with 1 network card
> > - Services - DNS/DHCP/IIS/RRAS/IAS all on the one server.
> > - 1 Windows XP workstation with 1 network card
> >
> > What I did first was set up RRAS and DHCP Relay Agent, created a VPNUser
> > account, and successfully logged on via PPTP. All fine and dandy.
> >
> > When it came down to try L2TP, I knew I had to install IAS and certificate
> > services in order for the server to give out certificates and to have a
> > centralized logon. I authorized IAS into Active Directory and so on. What
> > seems to happen is whenever I install IAS and start the service, when I
> > reboot my workstation it does not see the server nor the domain; even when I
> > try to ping the IP address it says timed out. Any reason for this? I know
> > on the MS website in the VPN lab, they were using four servers, one for IIS,
> > IAS, RRAS, DNS, DHCP.
> >
> > Is it because I have only one network card??? What could be my problems?
> > Can I still set up L2TP connections without IAS ??
> >
> > Thanks in advance,
> >
> > Jordan
> >
> >
>
>
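
Added example, not part of the original thread: a small Python check that runs a firewall rule list against the L2TP/IPsec flows named in the quoted reply (UDP 500, UDP 1701, ESP as IP protocol 50, plus UDP 4500 when NAT-T is in use). The rule format, the function names and the sample rule list are constructed for illustration and assume first-match evaluation with a default deny.

```python
"""Audit a firewall rule list for the L2TP/IPsec flows named in the reply."""

# (label, protocol, destination port); ESP is IP protocol 50 and has no ports.
BASE_FLOWS = [("IKE", "udp", 500), ("L2TP", "udp", 1701), ("ESP", "esp", None)]
NAT_T_FLOW = ("IPsec NAT-T", "udp", 4500)


def verdict(rules, proto, port):
    """Return the action of the first matching rule; default deny."""
    for rule in rules:
        if rule["proto"] not in (proto, "any"):
            continue
        ports = rule.get("ports")  # None means the rule is not port-scoped
        if ports is None:
            return rule["action"]
        if port is not None and ports[0] <= port <= ports[1]:
            return rule["action"]
    return "deny"


def blocked_flows(rules, nat_traversal=False):
    """List the required L2TP/IPsec flows that the rule list would drop."""
    flows = BASE_FLOWS + ([NAT_T_FLOW] if nat_traversal else [])
    return [label for label, proto, port in flows
            if verdict(rules, proto, port) != "allow"]


# Constructed rule list: a PPTP-era policy extended for IKE and L2TP only.
SAMPLE_RULES = [
    {"proto": "tcp", "ports": (1723, 1723), "action": "allow"},  # PPTP control
    {"proto": "gre", "action": "allow"},                         # PPTP data
    {"proto": "udp", "ports": (500, 500), "action": "allow"},
    {"proto": "udp", "ports": (1701, 1701), "action": "allow"},
    {"proto": "any", "action": "deny"},
]

if __name__ == "__main__":
    print("no NAT :", blocked_flows(SAMPLE_RULES))
    print("via NAT:", blocked_flows(SAMPLE_RULES, nat_traversal=True))
```

A rule set that passes PPTP and was only partly updated for L2TP shows up here as blocked ESP (and blocked UDP 4500 when the client sits behind NAT).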