CJRODRIG asked:

How to Configure IPSEC in WINDOWS 2003 using CERTIFICATES?

I have 2 Windows 2003 boxes: one in the internal domain and the other in our DMZ. They're separated by a firewall. The server in the DMZ is NOT part of our internal domain.

Right now, the firewall is configured to allow ALL traffic between these 2 boxes, so the firewall is not the problem.

What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problems using a pre-shared key, just as a test. It worked like a charm.

I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, and I supplied it.

IMPORTANT NOTE: There is NO online CA in this environment. We imported into these boxes a certificate from an offline CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.

The result is: I cannot ping the DMZ server from the internal one, and the same in the other direction. They show "NEGOTIATING IP SECURITY" but never establish a connection.

What am I missing here? How can I make it work using certificates instead of a pre-shared key?

NOTE: The problem is not how to configure an IPSec policy or filter; we know how to do that. The problem is using certificates as the authentication method. How do we use them?
ASKER CERTIFIED SOLUTION
Paka
