RE: L2TP Using eToken

  • From: "Peter" <pladd@xxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Wed, 13 Jul 2005 11:02:27 -0600

I FIGURED IT OUT!!

BTW, yes, I can get PPTP to work with eToken but not L2TP.  I can get L2TP
to work but not with eToken.

The answer is that the computer needs a Computer Certificate installed
locally (which I had already done).  The user needs a User Certificate
that is installed on the Token (which I had already done).  In addition,
the user needs an IPSEC Certificate issued (which I did not do).

Now my problem is that I am using W2003 Standard so I cannot export the
IPSEC Cert to the eToken (I could with W2003 Enterprise).  Thus, if I
install the IPSEC Certificate on the local computer (in the User Store)
along with the Computer Certificate, and then use the eToken for User
Authentication, it works perfectly.

This may have an added benefit (or problem depending on how you look at
it) of necessitating purchasing W2003 Enterprise (typical Micro$oft), or
requiring any PC that needs VPN access to our Network to be brought to IT
so that we can "check it out" and install the certificates; or just not
allowing non-Company computers VPN access (the most secure method).

Anyway, I am so darn relieved.  

Thanks for your help.  I would like to buy you a virtual beer (or whatever
you drink.)

Thanks
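
A read-only inventory for checking the certificate layout this message describes (a computer certificate in the local machine store, user-side certificates in the user store), added here as an example and not part of the original post. It assumes a Windows client with PowerShell; the function name `Get-VpnCertInventory` is hypothetical.

```powershell
# Added example (not from the original post): list certificates per store with their EKUs.
$EkuNames = @{
    '1.3.6.1.5.5.7.3.1'      = 'Server Authentication'
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.5.5.8.2.2'      = 'IP security IKE intermediate'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
}
$EkuExtType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

function Get-VpnCertInventory {
    param(
        # The two stores named in the message: computer store and user store.
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )
    $now = Get-Date
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
            $ext = $cert.Extensions | Where-Object { $_ -is $EkuExtType } | Select-Object -First 1
            if ($ext) {
                # Map known OIDs to readable names, keep unknown OIDs as-is.
                $usages = @($ext.EnhancedKeyUsages | ForEach-Object {
                    if ($EkuNames.ContainsKey($_.Value)) { $EkuNames[$_.Value] } else { $_.Value }
                })
            } else {
                # No EKU extension: the certificate is not restricted to specific purposes.
                $usages = @('(no EKU extension: all purposes)')
            }
            [pscustomobject]@{
                Store         = $path
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                HasPrivateKey = $cert.HasPrivateKey
                InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
                Usages        = $usages -join '; '
            }
        }
    }
}

$inventory = @(Get-VpnCertInventory)
$inventory | Format-Table -AutoSize -Wrap

# Flag entries that cannot be used for authentication as they stand.
$inventory | Where-Object { -not $_.HasPrivateKey -or -not $_.InValidity } |
    ForEach-Object { Write-Warning "Unusable: $($_.Subject) in $($_.Store)" }
```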

