RE: L2TP Tunnels with Certificates

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 18 Sep 2003 14:00:58 -0500

Hi Glenn,
 
I'm curious why you would need to run secedit for L2TP/IPSec gateway to
gateway links. Once the certificates are installed, that's it. I can see
it if you want to force machines to get a certificate immediately if you
have configured AD for autoenrollment for machine certificates, but that
only needs to be done once.
 
The demand dial interface on the calling router should just fire up as
soon as someone triggers it.
 
Thanks!
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 

        -----Original Message-----
        From: Glenn Maks [mailto:gmaks@xxxxxxxxx] 
        Sent: Thursday, September 18, 2003 1:55 PM
        To: [ISAserver.org Discussion List]
        Subject: [isalist] RE: L2TP Tunnels with Certificates
        
        
        
        
        Hi Tom,
            Thank U for responding, Yes you are correct on the calling
        and Persistent part, but what I am trying to figure out is Why? I
        have to run the secedit command each and every time the RRAS and
        IPSEC Policy Agent services are bounced? I have to run this
        command "secedit refreshpolicy machine_policy /enforce" on the
        downstream ISA server. I discovered this secedit utility dealing
        with Microsoft support when I first started to dabble in L2TP
        Tunnels with Certificates, you can set everything right when
        building the L2TP Tunnels complete with Certificates, but it will
        not connect unless you run the above secedit command I provided
        in this email ... any clues?
         
         Thank you Tom
            G.
         
         

                 
