2003 VPN / IPSec

RKB

After much headache and way too many whitepapers, and it
not working the way the white papers say it should, here
is my situation.

Scenario
- 2003 VPN server for remote, (Non-Domain systems)
- L2TP / IPSec connections
- Stand Alone Root CA for certificates needed for L2TP
How can this be done?

I have tried the straightforward approach of installing
the required systems, setting up web-based enrollment,
issuing IPSec certificates and setting up both XP and 2k
clients. They never connect. Usually timing out on
security negotiations. I have changed all the settings to
the point of complete frustration.

Any help would be GREATLY appreciated.

-Richard
 
Boyd Benson [MSFT]

Hi Richard,

#1
During your test, I would attempt the connection with PPTP to verify that
the RRAS server is accepting connections. If this does not work, then we
need to troubleshoot the configuration of RRAS. If this does work, then we
move to troubleshooting IPsec.

#2
If PPTP does work, then the next step is to do a web-based request for a
Computer/Machine certificate in the Local Machine Store. This must be done
from the clients and the server (Even if Certificate Services is installed
on the RRAS server itself - There is a certificate already in the correct
store that lists "Intended Purposes", and this equals "All". This
certificate does not work for IPsec.)

Please follow this KB to install the certificate on the client and RRAS
server:
253498 HOW TO: Install a Certificate for Use with IP Security
http://support.microsoft.com/?id=253498

#3
Does this L2TP/IPsec connection traverse a NAT device?
If it does, then you'll need to make sure that the NAT-T update to W2k and
XP is installed:
818043 L2TP/IPSec NAT-T Update for Windows XP and Windows 2000
http://support.microsoft.com/?id=818043

#4
Also, when you mention "(Non-Domain systems)" do you mean the clients are
not in a domain?
Is the server in a domain?

Thanks,
Boyd Benson
Microsoft Technical Support
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
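
To check the point made in #2 on a client or on the RRAS server, the following added example (not part of the original thread and not Microsoft's code) lists the certificates in the Local Machine and Current User personal stores with their intended purposes, validity and private-key status. It assumes PowerShell is installed, which these Windows versions do not include by default; the function name Get-MachineCertReport is hypothetical.

```powershell
# Added example: list personal-store certificates relevant to L2TP/IPsec.
# A certificate that appears only under CurrentUser is not in the Local
# Machine store the answer asks for; one with no EKU extension is what the
# certificate dialog displays as Intended Purposes "All".

function Get-MachineCertReport {
    param(
        [string[]]$StorePaths = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )

    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $now = Get-Date

    foreach ($path in $StorePaths) {
        foreach ($cert in Get-ChildItem -Path $path) {
            # Collect every enhanced key usage as "FriendlyName (OID)".
            $ekus = @()
            foreach ($ext in $cert.Extensions) {
                if ($ext -is $ekuType) {
                    foreach ($oid in $ext.EnhancedKeyUsages) {
                        $ekus += ('{0} ({1})' -f $oid.FriendlyName, $oid.Value)
                    }
                }
            }
            if ($ekus.Count -eq 0) {
                $purposes = 'All (no EKU extension)'
            } else {
                $purposes = [string]::Join('; ', $ekus)
            }

            # One row per certificate; InValidity is false for expired or
            # not-yet-valid certificates.
            New-Object PSObject -Property @{
                Store         = $path
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                HasPrivateKey = $cert.HasPrivateKey
                InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
                Purposes      = $purposes
            }
        }
    }
}

Get-MachineCertReport |
    Select-Object Store, Subject, Issuer, HasPrivateKey, InValidity, Purposes |
    Format-List
```

Run it on both ends of the tunnel and compare the Issuer values: each side's certificate should come from the stand-alone root CA described in the question.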
 
