[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
6.4

How to Configure IPSEC in WINDOWS 2003 using CERTIFICATES?

Asked by CJRODRIG in Windows 2003 Server, Encryption for Network Security, IPSec Security Protocol

Tags: IPSEC, Windows 2003, Certificates

I have 2 Windows 2003 boxes: one in the internal domain and the other in our DMZ. They're separated by a Firewall. The server in the DMZ is NOT part of our internal domain.

Right now, The firewall is configured to allow ALL traffic between these 2 boxes , so the firewall is not the problem

What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problem using pre-shared key just for test. It worked like a charm.

I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, I gave it to them.

IMPORTANT NOTE: There is NOT on-line CA in this environment. We imported into these boxes a Certificate from a off-line CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.

The result is: I cannot ping the DMZ server from the internal and the same in the other way.... they shows "NEGOTIATING IP SECURITY" but never establish a connection...

What I'm missing here? how can I make it work using Certificates instead of Pre-Shared Key????

NOTE: The problem is not How to configure an IPSec policy or filter... we know how to do it.. The problem is using Certificates as authentication method... how to use it???
 
Related Solutions
Keywords: How to Configure IPSEC in WINDOWS …
Title
1 VPN Client connects but cant route bet…
2 Cisco VPN Client question
3 VPN and L2TP problems
4 Cisco ASA 5505 slow internet speed
5 Front-end/back-end topology with …
6 VPN access via PIX
 
Loading Advertisement...
 
[+][-]03/21/09 04:57 AM, ID: 23946893Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zones: Windows 2003 Server, Encryption for Network Security, IPSec Security Protocol
Tags: IPSEC, Windows 2003, Certificates
Sign Up Now!
Solution Provided By: Paka
Participating Experts: 1
Solution Grade: B
 
 
Loading Advertisement...
20091021-EE-VQP-81 - Hierarchy / EE_QW_EXPERT_20070906