Cannot get Certificates working for VPN L2TP IPSec Server and Client

Posted on 2004-11-19
Last Modified: 2013-12-04
I have a remote Windows 2003 Server configured as a VPN server, through RRAS. It is also a Standalone Root CA and has IIS installed. It is not in a domain so AD is not installed.

I have VPN working through PPTP but needed to connect multiple clients from behind a NAT firewall, so am migrating to L2TP and IPSec. I have tested the system OK, using pre-shared keys but cannot get the certificate part to work.

On the client XP computer, using web enrollment, I have installed a client authorisation cert and an IPSec cert to the local machine store. Are these the right certs to install, and what certs (if any) do I need to install on the VPN server?

On the client VPN connection properties, Security tab, I have selected Advanced and configured the settings to use EAP "Smart Card or other Certificate", with properties set to use a certificate on this computer, simple certificate selection, and de-selected "validate server certificate" (because I didn't understand the options...)

Hope this is enough info for someone to help?
Question by: CrossMouse

    Author Comment

    I've now resolved this issue myself and the answer is:

    Install an IPSec certificate for the local machine store on the VPN server

    Install an IPSec certificate for the local machine store on the client PC

    Export the issuing CA cert to a file on the client PC and then import it to the Trusted Root CA certificates folder. Note that other articles will say that there is a red cross next to the issuing CA on the client machine, before you have added it to the Trusted folder, but I did not find this to be the case.

    To view installed certs: Start, Run, type mmc, Enter; add the Certificates snap-in for the computer account, NOT the local user.

    Hope this may help someone else...
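The three steps above can be checked from a PowerShell prompt on the VPN server and on the client, using the Cert: drive to look at the same computer-account store the mmc snap-in shows. This is an added check, not part of the original thread; it assumes an elevated PowerShell session on a Windows host and that the "IPSec" certificate issued by web enrollment carries the "IP security IKE intermediate" EKU (OID 1.3.6.1.5.5.8.2.2), which is what IKE selects on.

```powershell
# Added verification script (not from the original thread). Run on both the
# VPN server and the client. Assumes an elevated PowerShell session.

# EKU that marks a certificate as usable for IKE/IPsec machine authentication.
$IpsecIkeOid = '1.3.6.1.5.5.8.2.2'

function Get-IpsecMachineCerts {
    # Look in the *computer* store (Certificates (Local Computer) > Personal),
    # not the current user's store: L2TP/IPsec runs as the machine.
    Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $cert = $_
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        # Must have a private key and the IKE intermediate EKU.
        $cert.HasPrivateKey -and $ekuExt -and
            ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $IpsecIkeOid })
    }
}

function Test-IssuerTrusted {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Step 3 of the fix: the issuing CA must sit in Trusted Root Certification
    # Authorities of the computer store, otherwise the peer's cert is rejected.
    $root = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $Cert.Issuer }
    if (-not $root) { return $false }

    # Also confirm the chain actually builds, which is what IKE does before
    # accepting the peer. Revocation is skipped here so the check works offline;
    # the real negotiation may still consult the CA's CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    return $chain.Build($Cert)
}

$certs = @(Get-IpsecMachineCerts)
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with a private key and the IP security IKE intermediate EKU in Cert:\LocalMachine\My."
    Write-Warning "Enrol the IPSec certificate into the computer store (mmc > Certificates > Computer account)."
}

foreach ($c in $certs) {
    $trusted = Test-IssuerTrusted -Cert $c
    "{0}`n  issued by: {1}`n  expires: {2}`n  issuer in Trusted Root and chain builds: {3}" -f `
        $c.Subject, $c.Issuer, $c.NotAfter, $trusted
    if (-not $trusted) {
        Write-Warning "Export the issuing CA cert and import it into Cert:\LocalMachine\Root (Trusted Root Certification Authorities)."
    }
}
```

On the original XP/2003-era hosts without PowerShell, `certutil -store My` and `certutil -store Root` give the equivalent listing of the two computer stores, and the EKU of each certificate appears in that output.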

    Accepted Solution

    PAQed with points refunded (250)

    Community Support Moderator
