How to Configure IPSEC in WINDOWS 2003 using CERTIFICATES?

Asked by CJRODRIG
Tags: Windows Server 2003, Encryption, Internet Protocol Security

I have 2 Windows 2003 boxes: one in the internal domain and the other in our DMZ. They're separated by a firewall. The server in the DMZ is NOT part of our internal domain.

Right now, the firewall is configured to allow ALL traffic between these 2 boxes, so the firewall is not the problem.

What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problem using pre-shared key just for test. It worked like a charm.

I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, and I gave it to them.

IMPORTANT NOTE: There is NO on-line CA in this environment. We imported into these boxes a certificate from an off-line CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.

The result is: I cannot ping the DMZ server from the internal one, and the same the other way. They show "NEGOTIATING IP SECURITY" but never establish a connection...

What am I missing here? How can I make it work using Certificates instead of Pre-Shared Key?

NOTE: The problem is not how to configure an IPSec policy or filter; we know how to do that. The problem is using Certificates as the authentication method. How do we use it?

ASKER CERTIFIED SOLUTION
Paka