OK, so I'm a newbie at this, and may well be trying to do something that's impossible.
What I finally want is:
a) Main company office, running Win2K3 server
b) Access from individual users, connected from home, typically via ADSL + a modem/router.
One of these home users actually has 2 computers + 2 users, so maybe it's like (c) below?
c) Access from sub-office with an internal LAN
What I'm trying to do first:
- I've got Win2K3 being a VPN server
- It's also a CA and I've issued machine and user certs as necessary
- I really wanted to use IPSec (with certs) for machine confirmation, then the domain user+password as 'user confirmation'. Which, I think, means using L2TP/IPSEC + MsChap2 (is that right?)
- As an alternative, I've tried it with L2TP/IPSEC + EAP-TLS
I've had both working 'locally' i.e. I can connect to the VPN on the local LAN. So the certificates are working. But I can't get a remote user to connect - presumably it's some NAT and/or firewall issue
The IPSec IKE seems to work OK - I can see a success logged on the server. I presume the next stage isn't working.
Is this possible? I'd therefore have:
Remote user -> Modem/Router -> Internet -> Modem/Router -> Win2K3 VPN server
The first modem/router will be using NAT. Can the second one? I've tried it in NAT mode, and with the server on a DMZ - the latter worked better (IKE worked).
Any pointers appreciated. I've read so many links!
By 'eck - isn't it confusing!
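Added diagnostic example, not part of the original post: the point where L2TP/IPSec behind NAT usually breaks after a successful IKE is ESP, which only crosses a NAT cleanly if both peers negotiated NAT-Traversal (UDP encapsulation on port 4500). Whether the server offered NAT-T is visible in its first main-mode reply on UDP 500: it advertises support with a Vendor ID payload (MD5 of the spec name), and once both sides agree, NAT-Discovery payloads appear in the later main-mode messages. The script below parses the raw UDP payload of such an ISAKMP message and reports what it finds. The helper names (parse_payloads, nat_t_status, build_isakmp) and all SAMPLE_* messages are my own; the samples are constructed with build_isakmp, not captured from a real server.

```python
"""Report NAT-T support from an ISAKMP (IKEv1) message sent by the VPN server.

Feed nat_t_status() the raw UDP payload of the server's first main-mode reply
(e.g. exported from Wireshark as the packet bytes of the UDP data). The sample
messages at the bottom are constructed, not captured.
"""
import hashlib
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")   # icookie, rcookie, next, ver, xchg, flags, msgid, len
PAYLOAD_HDR = struct.Struct("!BBH")          # next payload, reserved, payload length
PAYLOAD_SA = 1
PAYLOAD_VID = 13
PAYLOAD_NAT_D = 20         # RFC 3947 NAT-Discovery payload
PAYLOAD_NAT_D_DRAFT = 130  # NAT-D in draft-ietf-ipsec-nat-t-ike-02/03 (private payload range)
MAIN_MODE = 2              # ISAKMP "identity protection" exchange type

# A NAT-T Vendor ID is the MD5 of the spec name. Windows XP/2003 send the draft-02
# form with the trailing newline; RFC 3947 is what later Windows versions advertise.
NAT_T_VIDS = {
    hashlib.md5(name.encode()).digest(): name
    for name in ("RFC 3947",
                 "draft-ietf-ipsec-nat-t-ike-03",
                 "draft-ietf-ipsec-nat-t-ike-02\n",
                 "draft-ietf-ipsec-nat-t-ike-02")
}


def parse_payloads(msg):
    """Walk the ISAKMP payload chain, yielding (payload_type, body) pairs.
    Every length field is checked against the buffer, so a truncated or
    malformed reply raises ValueError instead of reading past the end."""
    if len(msg) < ISAKMP_HDR.size:
        raise ValueError("message shorter than ISAKMP header")
    _ick, _rck, next_type, _ver, _xchg, _flags, _msgid, length = ISAKMP_HDR.unpack_from(msg, 0)
    if length != len(msg):
        raise ValueError("ISAKMP length field %d != %d bytes received" % (length, len(msg)))
    off = ISAKMP_HDR.size
    while next_type != 0:
        if off + PAYLOAD_HDR.size > len(msg):
            raise ValueError("payload header runs past end of message")
        following, _res, plen = PAYLOAD_HDR.unpack_from(msg, off)
        if plen < PAYLOAD_HDR.size or off + plen > len(msg):
            raise ValueError("bad payload length %d at offset %d" % (plen, off))
        yield next_type, msg[off + PAYLOAD_HDR.size:off + plen]
        next_type, off = following, off + plen


def nat_t_status(msg):
    """Summarise the NAT-T related payloads in one ISAKMP message from the peer."""
    nat_t, other, nat_d = [], [], 0
    for ptype, body in parse_payloads(msg):
        if ptype == PAYLOAD_VID:
            if body in NAT_T_VIDS:
                nat_t.append(NAT_T_VIDS[body])
            else:
                other.append(body.hex())
        elif ptype in (PAYLOAD_NAT_D, PAYLOAD_NAT_D_DRAFT):
            nat_d += 1
    return {
        "nat_t_supported": bool(nat_t),   # peer advertised NAT-T in this message
        "nat_t_vendor_ids": nat_t,
        "other_vendor_ids": other,
        # >0: both sides agreed on NAT-T and are hashing addresses to detect a NAT;
        # UDP 4500 encapsulation is then used only if a hash mismatch shows one.
        "nat_d_payloads": nat_d,
    }


def build_isakmp(payloads, exchange=MAIN_MODE):
    """Construct an ISAKMP message from (type, body) pairs. Only used for the
    constructed samples below; cookies and message ID are dummies."""
    chain = b""
    for i, (_ptype, body) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        chain += PAYLOAD_HDR.pack(following, 0, PAYLOAD_HDR.size + len(body)) + body
    first = payloads[0][0] if payloads else 0
    hdr = ISAKMP_HDR.pack(b"\x11" * 8, b"\x22" * 8, first, 0x10, exchange, 0, 0,
                          ISAKMP_HDR.size + len(chain))
    return hdr + chain


MS_VID = hashlib.md5(b"MS NT5 ISAKMPOAKLEY").digest() + b"\x00\x00\x00\x04"  # Windows-style VID
DUMMY_SA = b"\x00\x00\x00\x01"   # placeholder SA body (DOI field only); not parsed here

# Constructed: server's first main-mode reply advertising draft-02 NAT-T (the Win2K3 form)
SAMPLE_REPLY_NAT_T = build_isakmp([
    (PAYLOAD_SA, DUMMY_SA),
    (PAYLOAD_VID, MS_VID),
    (PAYLOAD_VID, hashlib.md5(b"draft-ietf-ipsec-nat-t-ike-02\n").digest()),
])
# Constructed: the same reply from a peer that does not support NAT-T at all
SAMPLE_REPLY_NO_NAT_T = build_isakmp([(PAYLOAD_SA, DUMMY_SA), (PAYLOAD_VID, MS_VID)])
# Constructed: 4th main-mode message with two draft NAT-D hashes (KE/nonce omitted,
# 20-byte SHA-1 placeholders)
SAMPLE_MSG4 = build_isakmp([(PAYLOAD_NAT_D_DRAFT, b"\x00" * 20),
                            (PAYLOAD_NAT_D_DRAFT, b"\x00" * 20)])

if __name__ == "__main__":
    for name, msg in (("nat-t reply", SAMPLE_REPLY_NAT_T),
                      ("no nat-t reply", SAMPLE_REPLY_NO_NAT_T),
                      ("msg4 nat-d", SAMPLE_MSG4)):
        print(name, nat_t_status(msg))
```

How to read the result against the setup in the post: if the server's reply carries a NAT-T Vendor ID and NAT-D payloads follow, ESP is UDP-encapsulated on port 4500 whenever a NAT is detected, so the router in front of the server needs UDP 500 and UDP 4500 forwarded to it; L2TP (UDP 1701) rides inside the encapsulated ESP and needs no rule of its own. If no NAT-T Vendor ID appears, ESP travels as raw IP protocol 50 and a consumer NAT in front of the server will generally not pass it, which matches IKE succeeding and the next stage dying. One more client-side caveat that is easy to miss: with Windows XP SP2 a server that is itself behind a NAT is rejected by default even when NAT-T is negotiated; the client needs the DWORD AssumeUDPEncapsulationContextOnSendRule set to 2 under HKLM\SYSTEM\CurrentControlSet\Services\IPSec (Microsoft KB885407) before it will complete the connection.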