Windows 2003 L2TP/IPSec behind Linksys WRV54G router
Posted on 2003-12-09
I have a Windows 2003 server set to accept incoming VPN connections. The server is behind a brand new Linksys Wireless-G VPN Broadband router. I am trying to connect remote users to the VPN server using L2TP/IPSec connection with encryption and Certificate authentication.
I have created the Self-Signed certificate on the server.
Ports 4500, 1723, 47-50, 500 & 1701 TCP/UDP are forwarded to the local server IP.
Set the server to accept Incoming Connections & set up the allowed users.
Set up Server Local Security Policy->IP Security Policies. Here I created a new policy named L2TP that is Assigned. It has a dynamic filter list, Filter Action is set to Default Response, Authentication method is my certificate and a preshared key as second option, no tunnel endpoint, All connection types.
On the client side I have the default XP VPN connection service.
I have Custom setting enabled in Security Tab
I am using optional encryption
Use a certificate in this computer
Use simple cert. selection
Validate server cert.
Trusted RCA is my Certificate Authority (The Win2003 server) Certificate
In Networking I have L2TP/IPSec VPN
When I try to connect from another PC inside the LAN I get this warning:
A certificate can not be found to be used with EAP.
I have tried using the Pre-Shared key instead of the certificate from the LAN PC, and the connection does not go through. It times out. The Event Viewer->Security log shows a successful login.
As you can see I am failing to connect from the inside, have not tried it from the outside.
The router has VPN tunneling, but the documentation is non-existent and the Linksys site KB is even more confusing. I read the article about Configuring IPsec Between a Microsoft Windows 2000 or XP and the BEFVP41, and Setting up a VPN tunnel between two BEFSX41 routers, but did not get any insight.
Obviously the router is capable of VPN connections. How do I use the tunnels to connect to the server?
What are my choices? Can I use PPTP instead of L2TP? Can I use the router as the IPSec endpoint instead of the VPN server?
Your suggestions are welcome!