RE: L2TP Tunnels with Certificates

  • From: Glenn Maks <gmaks@xxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Sep 2003 15:54:01 -0400

Will do .. one possible reason could be that I built my ISA servers as Stand
Alone, that is to say they are NOT member servers to the Internal AD
network, so it has no DC to get any security policies from, of course I am
only speculating at this point. 
 
Thanks, Tom, for your always valued expertise.

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxxxxxxxxx]
Sent: Thursday, September 18, 2003 3:50 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: L2TP Tunnels with Certificates




Hi Glenn,
 
I know that you're not the only one, because I've set up a lot of them and
never had to do this :-)
 
Let us know what you find out about this.
 
Thanks!
 
Tom
 
Thomas W Shinder
www.isaserver.org/shinder
ISA Server and Beyond: http://tinyurl.com/1jq1
Configuring ISA Server: http://tinyurl.com/1llp

 

-----Original Message-----
From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
Sent: Thursday, September 18, 2003 2:47 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: L2TP Tunnels with Certificates




Yep, as far as my Cert Server living on the DMZ, when the Certificate Web
Code is installed under IIS when you install Certificate services you can do
2 things: remove anonymous logins, which will force a login authentication
just to open the web based certificate issue sequence, and adjust the
Certificate server to NOT auto issue. This way you as the administrator must
view the Cert request and make the decision to issue or not issue this
Certificate. It really does not pose much of a security risk; the
Certification server was installed as a Stand Alone CA. Again, I need to read
further into Secedit and why I need to run it every time the ISA server is
rebooted. It is not like it loses track of the Certificate, so I am a bit
puzzled. For the time being I plan on writing a script to run this secedit
utility, then bounce both the IPSEC Policy Agent Service and the RRAS Service.
When I get more information on this topic I will post it. I am sure I am not
the only one running an IPSEC Tunnel with Certificates.

 
