Join or sign in Register for your free TechRepublic membership or if you are already a member, sign in using your preferred method below. Use Your Email Use FacebookUse Linkedin

Configure certificates for an L2TP/IPSec VPN

Locked

so i used this handy: Configure IT Quick: Configure certificates for an L2TP/IPSec VPN (at http://articles.techrepublic.com.com/5100-1035_11-1048126.html)

I think i followed the instructions properly, I requested and installed the certificate. Though when i reconfigure windows vpn client to use IPsec, i get an error that says i do not have a certificate.

i might mention that I’m using w2k sbs and XP, so no w2k.

any ideas?

thanks

Topic

Clarifications

In reply to Configure certificates for an L2TP/IPSec VPN

Clarifications

Where did you

In reply to Configure certificates for an L2TP/IPSec VPN

install the cert? and where did you get it?
Is this an open (as on the internet) VPN or internal network that your VPN is to be carried? I would suggest that for a private VPN, one should use his own certs. (as in make them your self) Keep in mind that the same certs need to be installed on all the computers that can connect to that VPN. -d

I got it from…

In reply to Where did you

i made the cert. its from an w2k3 sbs from an open VPN. I cant seem to find where it is installed or figure out how to tell if the same cert is installed on both machines. any more advice?

thanks for the reply.

Are you useing the XP as your server monitor?

In reply to I got it from…

Or doing your set-up directly on the server? Anyway, go to the sourse, the MSDN Lirary. (then -> win32 and COM Devolopment
-> Security) a good place to get up to speed. link: [ http://msdn2.microsoft.com/en-us/library/aa139845.aspx ]
Best for you though to get you where you need to be is (again the MSDN Library) You’ll be working in the Cert Manager, found on your system under WINN (or Windows, on the XP machine, and I think the Ser2003 and up) Then open the System 32 folder. You’ll find the ‘certmgr.exe’ there. (it will appear as an icon, of a certificate) Again to guide you through that go to the MSDN Library -> .NET Development -> Previous Versions (don’t ask me why it’s there) -> Tools and Debugger -> .NET Framework Tools -> Certificate Manager. Link: [ http://msdn2.microsoft.com/en-us/library/e78byta0(VS.71).aspx ]
Have Fun, Let me know how you make out. -d

guys…this is a Small Business Server environment

In reply to Are you useing the XP as your server monitor?

Certificate Services is not normally installed in a Small Business Server by default.

you CAN create web site certificates or install 3rd party web site certificates in IIS, however to use L2TP IPSec in a Small Business Server environment, see this article which applies to L2TP IPSec remote access on Small Business Server 2003. Note using the remote access wizard simplfies the configuration process.

http://support.microsoft.com/kb/816514

Ok, ok… Good point.

In reply to guys…this is a Small Business Server environment

I still not sure exactly what it is that he’s setting up. My first question was to find out if this is an internal (as in all in one place, office) or external (as in utilizing the big www, maybe for telecommuting). You’re right in that it looks like over kill. I have to use such things as certs, to be able to communicate with those that require such. (a must for SSL) Good link BTW, Thanks. -d
(and a thanks for keeping an eye on me. was I getting carried away again?)

no not getting carried away

In reply to Ok, ok… Good point.

but Small Business Server isn’t like Windows Server 2003 standard. It’s setup using wizards and manually configuring stuff can actually break SBS. Example DHCP. DHCP breaks if you try to make a new scope to replace an existing scope manually. Have to rerun the setup wizard and the connect to the internet wizard to fix it.

just like certificate services. it’s not installed by default and because Small Business Server runs sharepoint services, you can have web certificates that have nothing to do with L2TP IPSec remote access certificates. On top of that, implementing L2TP IPSec communications on the LAN and WAN can be a problem. Certificate services works but their self signed so for the WAN traffic the certs aren’t recognized as safe.

what im trying to do

In reply to Ok, ok… Good point.

Thanks for all your replies. I will try you advice tomorrow. Just to let you know. I’m trying to share network resources cross continent. There is a dc running w2k on site A and a DC running w2k3 on site B. I’d like to be able to share folders, etc securely via the Internet.

Thanks again so much for all your helpful and timely replies.

Small Business Server 2003

In reply to what im trying to do

best way to do this is on a Small Business Server 2003 is RWW or simply VPN using the remote connection client program. An even better way is to publish the internal Company Web via https.

L2TP IPSec over VPN, though really secure would be a bear to administer on SBS network.

visit Technet

In reply to Configure certificates for an L2TP/IPSec VPN

If this is on a Small Business Server network, visit Microsoft Technet for for installing certificate services in a SBS environment and using L2TP during remote Access. .

[Author]

Replies