J
JJ
I am attempting to create a CMAK profile for L2TP/IPSEC based VPN
connections...using EAP with certificates (win2k3 server hosting
RRAS/IAS/CA...winXPsp2 clients).
What I would like is for the profile to behave exactly as the connection
I've created manually:
1. profile should use my current logon credentials...ie...no prompting for
username/password
2. profile should only allow EAP over L2TP
3. profile should NOT use default gateway on remote network
4. profile should enable an additional static route
5. profile should use an existing connection (no dial-up)
I created a profile with the settings that i THOUGHT were required to
accomplish this. When I attempt to use this profile the connection times
out after 60 sec...while negotiating security.
I backed off of requirement #2 above...and after 60+ sec. I was finally
authenticated via EAP. My manually created connection is authenticated
almost immediately.
What would cause the extended authentication time? Is there an advanced
setting I have set incorrectly...or maybe one I need to add? Something to
do with the certificate exchange...CustomAuthData perhaps?!?
What settings are needed in order to accomodate the above requirements? I
have tested many, including:
UseWinLogonCredentials
HideDomain
HidePassword
Dialup
Direct
RequireEAP
Gateway_On_Remote
VpnStrategy
etc.
Any help appreciated...my primary concern is to fix the slow authentication.
Once that is tackled I want to make the profile as simple as possible to
use...just like my manual connection...double-click the connectoid...hit
'connect'...done.
-JJ
connections...using EAP with certificates (win2k3 server hosting
RRAS/IAS/CA...winXPsp2 clients).
What I would like is for the profile to behave exactly as the connection
I've created manually:
1. profile should use my current logon credentials...ie...no prompting for
username/password
2. profile should only allow EAP over L2TP
3. profile should NOT use default gateway on remote network
4. profile should enable an additional static route
5. profile should use an existing connection (no dial-up)
I created a profile with the settings that i THOUGHT were required to
accomplish this. When I attempt to use this profile the connection times
out after 60 sec...while negotiating security.
I backed off of requirement #2 above...and after 60+ sec. I was finally
authenticated via EAP. My manually created connection is authenticated
almost immediately.
What would cause the extended authentication time? Is there an advanced
setting I have set incorrectly...or maybe one I need to add? Something to
do with the certificate exchange...CustomAuthData perhaps?!?
What settings are needed in order to accomodate the above requirements? I
have tested many, including:
UseWinLogonCredentials
HideDomain
HidePassword
Dialup
Direct
RequireEAP
Gateway_On_Remote
VpnStrategy
etc.
Any help appreciated...my primary concern is to fix the slow authentication.
Once that is tackled I want to make the profile as simple as possible to
use...just like my manual connection...double-click the connectoid...hit
'connect'...done.
-JJ