How to Configure IPSEC in WINDOWS 2003 using CERTIFICATES?
I have 2 Windows 2003 boxes: one in the internal domain and the other in our DMZ. They're separated by a Firewall. The server in the DMZ is NOT part of our internal domain.
Right now, The firewall is configured to allow ALL traffic between these 2 boxes , so the firewall is not the problem
What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problem using pre-shared key just for test. It worked like a charm.
I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, I gave it to them.
IMPORTANT NOTE: There is NOT on-line CA in this environment. We imported into these boxes a Certificate from a off-line CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.
The result is: I cannot ping the DMZ server from the internal and the same in the other way.... they shows "NEGOTIATING IP SECURITY" but never establish a connection...
What I'm missing here? how can I make it work using Certificates instead of Pre-Shared Key????
NOTE: The problem is not How to configure an IPSec policy or filter... we know how to do it.. The problem is using Certificates as authentication method... how to use it???
Right now, The firewall is configured to allow ALL traffic between these 2 boxes , so the firewall is not the problem
What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problem using pre-shared key just for test. It worked like a charm.
I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, I gave it to them.
IMPORTANT NOTE: There is NOT on-line CA in this environment. We imported into these boxes a Certificate from a off-line CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.
The result is: I cannot ping the DMZ server from the internal and the same in the other way.... they shows "NEGOTIATING IP SECURITY" but never establish a connection...
What I'm missing here? how can I make it work using Certificates instead of Pre-Shared Key????
NOTE: The problem is not How to configure an IPSec policy or filter... we know how to do it.. The problem is using Certificates as authentication method... how to use it???
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
