Hi again!

I found MY error. I didn't notice that in the article (excellent!) the 2 VPN gateways MUST be in the Windows Domain.

Now I have a question: WHY ???? In other words, can't I do site-to-site VPN with RRAS/ISA without having a Windows Domain? What did I do wrong with my certificate architecture?

Thanks
Rafael

----Original message----
>From: Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with Certificates
>Date: Thu, 22 May 2003 10:31:23 CEST
>
>http://www.ISAserver.org
>
>Hello,
>I think this is not the issue here, since the clocks are in sync. By the way, today, the certificates are one day old, and it still doesn't work...
>Thanks for your help!
>Rafael
>
>----Original message----
>>Date: Thu, 22 May 2003 10:07:11 +0300
>>From: Grefenp Berchmann C Sodusta <grefenp@xxxxxxxxxxx>
>>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>
>>I had the same issue before; the problem was with the certificate start validation date. The start validation date of the issued certificate is later than the date on your machine. I fixed this by forwarding the date 1 more day on the machine; the date was not a problem since it was just a test machine. Hope this helps.
>>
>>Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
>>05/22/2003 03:06 AM
>>Please respond to "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>cc:
>>Subject: [isalist] L2TP/IPSec tunnel with ISA Server => Problem with Certificates
>>
>>Hi,
>>I installed a test lab with 2 Win 2003 servers running ISA Server 2000 SP1 (+ hotfix). I'm trying to do L2TP/IPSec tunneling, as described in Thomas Shinder's article:
>>http://www.windowsecurity.com/articles/Configuring_Gateway_to_Gateway_L2TPIPSec_VPNs_Part_1_Configuring_the_Infrastructure.html
>>
>>When I try to connect with L2TP/IPSec (PPTP works fine), I get an error message on the gateway issuing the L2TP call:
>>"The L2TP attemp failed because there is no valid machine certificate on your computer for security authentication".
>>
>>The problem is that my "client" VPN gateway *has* a certificate. It has been issued by the Root CA described in the article. I tried several ones: key length 512 and 1024, client certificate, server certificate etc...
>>My "server" VPN gateway also has its own certificate.
>>
>>Does anyone know where this error comes from?
>>
>>1) I already rebooted
>>2) I think I followed the steps described in the article with 2 exceptions: IP addresses and version of Windows Server (I'm using 2003).
>>3) I saw MS Article #247231 but it seems that my problem is not one of those discussed in this article
>>
>>I put in attachment the Network Monitor file with the packets exchanged between the 2 gateways.
>>
>>Thanks to anyone that has an idea !!!!
>>Rafael