troubleshooting Question
How to Configure IPSEC in WINDOWS 2003 using CERTIFICATES?
asked on
I have 2 Windows 2003 boxes: one in the internal domain and the other in our DMZ. They're separated by a Firewall. The server in the DMZ is NOT part of our internal domain.
Right now, The firewall is configured to allow ALL traffic between these 2 boxes , so the firewall is not the problem
What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problem using pre-shared key just for test. It worked like a charm.
I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, I gave it to them.
IMPORTANT NOTE: There is NOT on-line CA in this environment. We imported into these boxes a Certificate from a off-line CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.
The result is: I cannot ping the DMZ server from the internal and the same in the other way.... they shows "NEGOTIATING IP SECURITY" but never establish a connection...
What I'm missing here? how can I make it work using Certificates instead of Pre-Shared Key????
NOTE: The problem is not How to configure an IPSec policy or filter... we know how to do it.. The problem is using Certificates as authentication method... how to use it???
Right now, The firewall is configured to allow ALL traffic between these 2 boxes , so the firewall is not the problem
What we want to do is:
Enable IPSEC between these 2 boxes using certificates...
I configured IPSEC without problem using pre-shared key just for test. It worked like a charm.
I changed the authentication method from Pre-Shared Key to "Certificates". It requested the trusted-root CA certificate, I gave it to them.
IMPORTANT NOTE: There is NOT on-line CA in this environment. We imported into these boxes a Certificate from a off-line CA. Also, we tested selecting any CA listed in the Trusted-Root CA list.
The result is: I cannot ping the DMZ server from the internal and the same in the other way.... they shows "NEGOTIATING IP SECURITY" but never establish a connection...
What I'm missing here? how can I make it work using Certificates instead of Pre-Shared Key????
NOTE: The problem is not How to configure an IPSec policy or filter... we know how to do it.. The problem is using Certificates as authentication method... how to use it???
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.