Re: L2TP/IPSec tunnel with ISA Server => Problem with Certificates

  • From: Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Thu, 22 May 2003 14:39:58 CEST

Hi again!
I found MY error. I didn't notice that in the article (excellent!) the 2 VPN 
gateways MUST be in the Windows Domain.
Now I have a question: WHY ????
In other words, can't I do site-to-site VPN with RRAS/ISA without having a 
Windows Domain? What did I do wrong with my certificate architecture?
Thanks
Rafael

----Original message----
>From: Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with 
>Certificates
>Date: Thu, 22 May 2003 10:31:23 CEST
>
>http://www.ISAserver.org
>
>
>Hello,
>I think this is not the issue here, since the clocks are in sync. By the way, today, 
>the certificates are one day old, and it still doesn't work...
>Thanks for your help!
>Rafael
>
>----Original message----
>>Date: Thu, 22 May 2003 10:07:11 +0300
>>From: Grefenp Berchmann C Sodusta <grefenp@xxxxxxxxxxx>
>>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>
>>I had the same issue before; the problem
>>was with the certificate start validation date. The start validation date
>>of the issued certificate is later than the date on your machine. I fixed
>>this by setting the date forward 1 more day on the machine; the date was not a problem
>>since it was just a test machine. Hope this helps.
>>
>>Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
>>05/22/2003 03:06 AM
>>Please respond to: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>cc:
>>Subject: [isalist] L2TP/IPSec tunnel with ISA Server => Problem with Certificates
>>
>>Hi,
>>I installed a test lab with 2 Win 2003 servers running ISA Server 2000 SP1
>>(+ hotfix). I'm trying to do L2TP/IPSec tunneling, as described in Thomas
>>Shinder's article: 
>>http://www.windowsecurity.com/articles/Configuring_Gateway_to_Gateway_L2TPIPSec_VPNs_Part_1_Configuring_the_Infrastructure.html
>>When I try to connect with L2TP/IPSec (PPTP works fine), I get an error
>>message on the gateway issuing the L2TP call:
>>"The L2TP attemp failed because there is no valid machine certificate
>>on your computer for security authentication".
>>The problem is that my "client" VPN gateway *has* a certificate.
>>It has been issued by the Root CA described in the article. I tried several
>>ones: key length 512 and 1024, client certificate, server certificate etc...
>>My "server" VPN gateway also has its own certificate.
>>Does anyone know where this error comes from?
>>1) I already rebooted
>>2) I think I followed the steps described in the article with 2
>>exceptions: IP Addresses and version of Windows Server (I'm using 2003).
>>3) I saw MS Article #247231 but it seems that my problem is not one of
>>those discussed in this article
>>I have attached the Network Monitor file with the packets exchanged
>>between the 2 gateways.
>>Thanks to anyone who has an idea !!!!
>>Rafael
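
The quoted reply in this thread traces the "no valid machine certificate" error to a certificate whose start date is later than the machine clock. The PowerShell below is an added example, not part of the thread or of the referenced article: it audits the local computer certificate store for that condition and for two other basic ones (missing private key, chain not trusted). It assumes PowerShell 3.0 or later on the gateway; the choice of checks is an assumption and is not a list of causes confirmed by the thread.

```powershell
# Added example: audit machine certificates on a VPN gateway.
# Run from an elevated prompt so the LocalMachine store is fully readable.
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $problems = @()

    # Validity window: the condition described in the quoted reply
    # (certificate start date later than the machine clock), plus expiry.
    if ($cert.NotBefore -gt $now) { $problems += "not yet valid (starts $($cert.NotBefore))" }
    if ($cert.NotAfter  -lt $now) { $problems += "expired ($($cert.NotAfter))" }

    # A machine certificate cannot authenticate without its private key.
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }

    # Build the chain in machine context against the computer's trusted roots.
    # Revocation lookups are skipped so an unreachable CRL in an isolated lab
    # does not mask the other results.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    if (-not $chain.Build($cert)) {
        $problems += ($chain.ChainStatus | ForEach-Object { "chain: $($_.Status)" })
    }

    [pscustomobject]@{
        Subject   = $cert.Subject
        Issuer    = $cert.Issuer
        NotBefore = $cert.NotBefore
        NotAfter  = $cert.NotAfter
        Problems  = if ($problems) { $problems -join '; ' } else { 'none found' }
    }
} | Format-List
```

Run it on both gateways and compare the `NotBefore` values with each machine's clock; a certificate issued by a CA whose clock is ahead of the gateway shows up as "not yet valid".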
