Re: L2TP/IPSec tunnel with ISA Server => Problem with Certificates

  • From: Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Sat, 24 May 2003 13:08:11 CEST

Hi Thomas,

No, I didn't, but as I posted in another mail, I found the misconfiguration. The 
VPN gateways were not on the domain. I still do not understand why they must be 
in the domain. My need is to interconnect 2 sites that do not have Domain 
Controllers...

Thanks
Rafael



----Original Message----
>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with 
>Certificates
>Date: Fri, 23 May 2003 01:33:10 -0500
>From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>
>http://www.ISAserver.org
>
>
>Hi Rafael,
>
>Did you disable fragment filtering? It's disabled by default, but sometimes it 
>gets turned on and you forget that you did it.
>
>HTH,
>Tom
>
>Thomas W Shinder 
>www.isaserver.org/shinder 
>ISA Server and Beyond: http://tinyurl.com/1jq1 
>Configuring ISA Server: http://tinyurl.com/1llp 
>
>
>
>-----Original Message-----
>From: Rafael Corvalan [mailto:rco-ml@xxxxxxxxxxxxxxx] 
>Sent: Thursday, May 22, 2003 5:31 AM
>To: [ISAserver.org Discussion List]
>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with 
>Certificates
>
>
>Hello,
>I think this is not the issue here, since clocks are in sync. By the way, today, 
>certificates are one day old, and it still doesn't work...
>Thanks for your help!
>Rafael
>
>----Original Message----
>>Date: Thu, 22 May 2003 10:07:11 +0300
>>From: Grefenp Berchmann C Sodusta <grefenp@xxxxxxxxxxx>
>>Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>
>>I had the same issue before, the problem
>>was with the certificate start validation date. The start validation date
>>of the issued certificate is later than the date on your machine. I fixed
>>this by forwarding the date 1 more day on the machine, date was not a problem
>>since it was just a test machine. Hope this helps.
>>
>>From: Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx>
>>Date: 05/22/2003 03:06 AM
>>Please respond to: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
>>cc:
>>Subject: [isalist] L2TP/IPSec tunnel with ISA Server => Problem with Certificates
>>
>>Hi,
>>
>>I installed a test lab with 2 Win 2003 servers running ISA Server 2000 SP1
>>(+ hotfix). I'm trying to do L2TP/IPSec tunneling, as described in Thomas
>>Shinder's article:
>>http://www.windowsecurity.com/articles/Configuring_Gateway_to_Gateway_L2TPIPSec_VPNs_Part_1_Configuring_the_Infrastructure.html
>>
>>When I try to connect with L2TP/IPSec (PPTP works fine), I get an error
>>message on the gateway issuing the L2TP call:
>>"The L2TP attemp failed because there is no valid machine certificate
>>on your computer for security authentication".
>>
>>The problem is that my "client" VPN gateway *has* a certificate.
>>It has been issued by the Root CA described in the article. I tried several
>>ones: key length 512 and 1024, client certificate, server certificate etc...
>>My "server" VPN gateway also has its own certificate.
>>
>>Does anyone know where this error comes from?
>>1) I already rebooted
>>2) I think I followed the steps described in the article with 2
>>exceptions: IP Addresses and version of Windows Server (I'm using 2003).
>>3) I saw MS Article #247231 but it seems that my problem is not one of
>>those discussed in this article
>>
>>I put in attachment the Network Monitor file with the packets exchanged
>>between the 2 gateways.
>>
>>Thanks to anyone that has an idea !!!!
>>Rafael
