ISA 2004 L2TP VPN using Certificates

ianmclachlan
Hi Guys,

Trying to get L2TP (certificates) to work between my VPN clients and ISA2004 server.

Have the following:

My own CA server on Domain X
My ISA server is stand-alone (not part of the domain)
Windows XP / 7 clients

Have installed a CA certificate in the Trusted Root of ISA.  (This works fine as I use it for SSL traffic for OWA client -> ISA -> Exchange)

Using the CA web page http://local_ip/certsvr I have installed a user certificate on my client machine.

I have set up ISA to accept L2TP and use certificate authentication.
I have set up the client to use L2TP and selected the certificate to use for authentication.

Get error: the connection requires a certificate and no certificate was found.  - Have checked the certificate is there.

When using L2TP and the pre-shared key - all works well.  So I know it's a certificate issue.

Anyone come across this before?

Any help... much appreciated.

IM

Author

Commented:
Oops, sorry... Think I realise what I have done wrong.

I use RADIUS for authentication.  I assume that's where I set the EAP (Certificates), not on the ISA server.

Can anyone confirm this?

IM
Have you issued an IPsec certificate to both ISA and the client? L2TP requires a machine certificate as well?
