L2TP IPSec requirements

Dennis van Vroonhoven

Hi,

What is required to establish an L2TP IPSec VPN tunnel (Client -> Server)?
- Do you always need a certificate on the client computer or is there an
alternative?
- Does the client computer need to be on the domain? (I don't think so)

I am trying to set this up. On the internal network, with a PC that is a
member of the domain, I'm able to connect.
On this PC I got the certificate via the web request.

Now what do I have to do to make this work on a computer which is not a member
of the domain and cannot access the website to request a certificate?
Basically I want to create a certificate inside the company which I give to
employees who need remote access from their home computer. How can I create
a working certificate for them or anything else which can be used for
authentication with L2TP? Using PPTP is no option.

Thanks,
Dennis
 

Giridharan Sridharan [MSFT]

- Do you always need a certificate on the client computer or is there an
alternative?
You can use "Pre shared key" instead of certificates for L2TP. Please refer to
http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/ras_preshared_conc.asp
- Does the client computer need to be on the domain? (I don't think so)
No.

To get a cert on a non-domain machine, export the cert from a machine into a
file, copy the file into the non-domain machine and then import the
certificate from the file.

Thanks
Giri
 
Stephen Cartwright [MSFT]

We do not recommend pre-shared key other than for testing. It's not that
secure so you should use certificates.
Have you also downloaded the certificate chain and placed it in the Trusted
Root CA Store for the Local Computer?

You can verify if your certificate is properly chained by double clicking on
it and checking the certification path. Certificates [local computer] >
Personal > Certificates > Certification Path

--
Stephen Cartwright [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
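
The certification path check described in the last reply can also be scripted. The following is an added example, not part of any post in this thread; it assumes PowerShell is available on the client and is run from an elevated prompt.

```powershell
# Added example: report whether each certificate in
# Certificates [local computer] > Personal chains to a root this machine trusts.
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # $true = machine context, so the chain is built against the Local Computer
    # stores (including Trusted Root Certification Authorities).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true

    # Only test that the path builds; revocation lookups can fail from a home
    # network that cannot reach the company's CRL location.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck

    $trusted = $chain.Build($cert)

    # The last chain element is the highest issuer Windows could locate.
    $count = $chain.ChainElements.Count
    $top = if ($count -gt 0) { $chain.ChainElements[$count - 1].Certificate.Subject } else { '' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        # A certificate imported from a file without its private key
        # cannot be used to authenticate.
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainLength   = $count
        TopOfChain    = $top
        # e.g. UntrustedRoot or PartialChain when the CA chain is not installed
        Problems      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }

    $chain.Reset()
} | Format-List
```

A `ChainTrusted` value of `False` with `UntrustedRoot` or `PartialChain` under `Problems` corresponds to a broken certification path in the certificate dialog.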