Re: L2TP setup
- From: "Adrian Marsh (NNTP)" <adrian.marsh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 31 Dec 2006 12:26:46 +0000
Thanks Charlie. I've only got R1, does it make any difference (except
the IAS part) ?
Would using L2TP overcome any NATing issues which stop PPTP from working?
Charlie Russel - MVP wrote:
.
This is covered extensively in chapter 15 of our SBS R2 book, but the basic
steps are:
1.) Install IAS
2.) Open the IAS console and disable MS-CHAP, and set the encryption to use
128-bit only.
3.) Install Certificate Services (the self signed cert that SBS creates
isn't the right one for L2TP.)
4.) Create an enterprise root CA.
5.) Create local computer and current user Certs
6.) Create a server cert for the SBS server
7.) Deploy the certs in steps 5 and 6 to the VPN client(s) and the SBS
server respectively.
8.) Modify the SBS Remote Access Policy to allow authentication via
certificates (this is in the IAS console)
9.) Set the EAP method to Smart Card or other Cert and use the SBS server
cert you created in 6.
10.) Open the ports required in the RRAS console (IKE, IKE NAT Traversal,
and L2TP/IPSec)
11.) Enable EAP in RRAS
12.) Add L2TP ports in RRAS.
There are thirteen pages on this in chapter 15. And another batch in
chapter
16 if you're using ISA 2k4. It's not trivial, but is possible if you follow
the steps exactly. Unfortunately, all the steps are actually required.
- Follow-Ups:
- Re: L2TP setup
- From: Charlie Russel - MVP
- Re: L2TP setup
- References:
- L2TP setup
- From: Adrian Marsh (NNTP)
- Re: L2TP setup
- From: Charlie Russel - MVP
- L2TP setup
- Prev by Date: Re: Partition sizes
- Next by Date: Re: Monitoring Configuration Wizard Anomolies
- Previous by thread: Re: L2TP setup
- Next by thread: Re: L2TP setup
- Index(es):
Relevant Pages
|
