Any VPN Guru ? W2k3 L2TP VPN - not much hair left, suggestions please
- From: nick.farrow@xxxxxx
- Date: 31 Aug 2006 07:21:16 -0700
Hi,
I have been at this for few days now with not much progress.
The problem is that I have it configured to what I think correct, but a
vpn client cannot connect and I cant find anything in the logs that
indicate a failure other than that a ike negotiation failed. The client
get a message that the machine certificate is not installed, but I
guess thats a cover for lots of things being wrong. I dont really know
whether is ipsec, RRas or domain settings that are wrong. I have a
simple set up, domain server connected to the inet over one lan card,
and the client dhcp'd to another lan card foe the internal network. I
jst want a simple l2tp vpn between the client and the server on the
internal network.
So the basic config is -
- RRAS set up for l2tp. It has KB914841 installed (this configures the
ipsec firewall).
- RRAS access policy set up for tunnel type=l2tp and NasportType = vpn,
and granted
- Active directory Computers, Group Policy edit - Autoenroll enabled
and certificate generated
- All restarted.
- Server and client have a brief dialog over port 500 before the client
complains of no certificate
There are some bits I'm not sure of
1) ipsecmon shows there is no active policy - do I need this ? I have
tried adding one and making it active, but it asked my to select a
certificate to use - so it would not be using the autogenerated one ?
2) I'm not sure of what half the ipsec config should be, as revealed by
'netsh ipsec dynamic show'
Can anyone give me some clear pointers and help, l2tp seems to be
configured differently between w2k and w2k3
Thanks
nick
.
- Prev by Date: Re: Rename AD domain name
- Next by Date: Re: Rename AD domain name
- Previous by thread: Re: Sharing Permissions
- Next by thread: Win2k3 LAN Routing Questions
- Index(es):
Relevant Pages
|
|
