Re: L2TP VPN
- From: "Charlie Russel - MVP" <charlie@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 26 Nov 2006 23:50:38 -0800
This is covered extensively in chapter 15 of our SBS R2 book, but the basic steps are:
1.) Install IAS
2.) Open the IAS console and disable MS-CHAP, and set the encryption to use 128-bit only.
3.) Install Certificate Services (the self-signed cert that SBS creates isn't the right one for L2TP.)
4.) Create an enterprise root CA.
5.) Create local computer and current user Certs
6.) Create a server cert for the SBS server
7.) Deploy the certs in steps 5 and 6 to the VPN client(s) and the SBS server respectively.
8.) Modify the SBS Remote Access Policy to allow authentication via certificates (this is in the IAS console)
9.) Set the EAP method to Smart Card or other Cert and use the SBS server cert you created in 6.
10.) Open the ports required in the RRAS console (IKE, IKE NAT Traversal, and L2TP/IPSec)
11.) Enable EAP in RRAS
12.) Add L2TP ports in RRAS.
There are thirteen pages on this in chapter 15. And another batch in chapter 16 if you're using ISA 2k4. It's not trivial, but is possible if you follow the steps exactly. Unfortunately, all the steps are actually required.
--
Charlie Russel
Author: Microsoft Windows Small Business Server 2003 R2 Administrator's Companion (MS Press)
http://www.amazon.com/Microsoft-Business-Administrators-Companion-Pro-Administrators/dp/0735622809/ref=sr_11_1/104-0475887-4767969?ie=UTF8
"Markus" <Markus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A988538E-681F-4B4F-88F8-B24264947EA6@xxxxxxxxxxxxxxxx
1) I am trying to set up an L2TP VPN to my SBS2003 box. I have run through all the wizards (Connect to the Internet and Configure Remote Access). The server VM and the XP host are on the same network, no router in between them.

I connected the host XP to the SBS2003 via RWW and installed the certificate. I can access the server via RWW no problem. It no longer asks for a cert, so the cert must be properly installed on the XP.

I can VPN in using PPTP with no problem.

I went into RRAS, selected the ports and unchecked to use the PPTP ports for incoming. The PPTP ports then disappeared from the ports window. Only L2TP ports remain. (By default, if both connections are available, will it connect PPTP or L2TP, and is this configurable?)

Back on the XP system, I created a connection manually. It cannot connect (error 800).

I then went back into RRAS on the server and configured it to use a preshared key and did the same on the host XP. At that point, it connected via L2TP just fine.

So, I can make the connection via L2TP with a preshared key but not when using the cert. (I did all this using the connection manager as well, with no connection working), yet the cert seems to be properly installed (because RWW works correctly).

Any clue what is going on? (Because I don't.)

2) The connection made using connection manager does not seem to have any configuration available, or info of any sort for that matter; I can't even easily tell the address it is connecting to. Is this by design, and is there a way to change or check its configuration?

Thanks for your help!
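Steps 5 to 7 above only work if the machine certificate actually lands in the client's Local Computer "Personal" store with its private key and chains to the enterprise root CA from step 4; the certificate that RWW installs is a trusted-root entry and does not meet that test. The following check is an added example, not code from this thread or the book: it is a PowerShell script for a current Windows client (PowerShell 3 or later, Cert: provider available), and $caName is a placeholder for your CA's subject name.

```powershell
# Added example (not from the thread): check the Local Computer "Personal" store
# for a certificate that L2TP/IPsec machine authentication can actually use.
# Assumes a Windows host with the PowerShell Cert: provider (PowerShell 3+);
# $caName is a placeholder for the subject name of your enterprise root CA.
$caName = 'EXAMPLE-ROOT-CA'

function Test-L2tpMachineCert {
    param([string]$IssuerMatch)
    $now = Get-Date
    foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
        $problems = @()
        # The RWW-installed root cert lives in Trusted Root, not here, and has
        # no private key, so it would fail the first condition anyway.
        if (-not $cert.HasPrivateKey)  { $problems += 'no private key' }
        if ($cert.NotAfter  -lt $now)  { $problems += 'expired' }
        if ($cert.NotBefore -gt $now)  { $problems += 'not yet valid' }
        if ($IssuerMatch -and $cert.Issuer -notmatch [regex]::Escape($IssuerMatch)) {
            $problems += "issuer is not '$IssuerMatch'"
        }
        # If an EKU extension is present it must allow Client Authentication
        # (OID 1.3.6.1.5.5.7.3.2); a cert with no EKU extension is unrestricted.
        $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' } |
               Select-Object -First 1
        if ($eku) {
            $ekuExt = New-Object System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension($eku, $eku.Critical)
            $oids = $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }
            if ('1.3.6.1.5.5.7.3.2' -notin $oids) { $problems += 'EKU lacks Client Authentication' }
        }
        # Build the chain against the machine's trusted roots (the CA from
        # step 4 must be there). Revocation is skipped for an offline lab check.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        if (-not $chain.Build($cert)) {
            $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
            $problems += "chain does not build: $status"
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            Usable     = ($problems.Count -eq 0)
            Problems   = ($problems -join '; ')
        }
    }
}

Test-L2tpMachineCert -IssuerMatch $caName | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell on the VPN client; a row with Usable set to True is the certificate the L2TP connection can present, and the Problems column explains every other entry.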