Hi Thomas, No I didn't, but as I posted on another mail, I found the misconfiguration. The VPN gateways were not on the domain. I still do not understand why the must be in the domain. My need is to interconnect 2 sites that do not have Domain Controllers... Thanks Rafael ----Message d'origine---- >Sujet: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with >Certificates >Date: Fri, 23 May 2003 01:33:10 -0500 >De: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx> >A: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> > >http://www.ISAserver.org > > >Hi Rafael, > >Did you disable fragment filtering? Its disabled by default, but sometimes it >gets turned on and you forgot that you did it. > >HTH, >Tom > >Thomas W Shinder >www.isaserver.org/shinder >ISA Server and Beyond: http://tinyurl.com/1jq1 >Configuring ISA Server: http://tinyurl.com/1llp > > > >-----Original Message----- >From: Rafael Corvalan [mailto:rco-ml@xxxxxxxxxxxxxxx] >Sent: Thursday, May 22, 2003 5:31 AM >To: [ISAserver.org Discussion List] >Subject: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with >Certificates > > >http://www.ISAserver.org > > >Hello, >I think this is not the issue here, since clocks are sync. By the way, today, >certificates are one day old, and it still doesn't work... >Thank for your help! >Rafael > >----Message d'origine---- >>Date: Thu, 22 May 2003 10:07:11 +0300 >>De: Grefenp Berchmann C Sodusta <grefenp@xxxxxxxxxxx> >>Sujet: [isalist] Re: L2TP/IPSec tunnel with ISA Server => Problem with >>A: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> >> >>http://www.ISAserver.org >>I had the same issue before, the problem >>was with the certificate start validation date. The start validation date >>of the issued certificate is later than the date on your machine. I fix >>this by forwarding the date 1 more day on the machine, date was not a problem >>since it was just a test machine. Hope this helps. >>Rafael Corvalan <rco-ml@xxxxxxxxxxxxxxx> >>05/22/2003 03:06 AM >>Please respond to >>"[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> >>To >>"[ISAserver.org Discussion >>List]" <isalist@xxxxxxxxxxxxx> >>cc >>Subject >>[isalist] L2TP/IPSec tunnel >>with ISA Server => Problem with Certificates >>http://www.ISAserver.org >>Hi, >>I installed a test lab with 2 Win 2003 server running ISA Server 2000 SP1 >>(+ hotfix). I'm trying to do L2TP/IPSec tunneling, as described on Thomas >>Shinder >>article: >>http://www.windowsecurity.com/articles/Configuring_Gateway_to_Gateway_L2 >>TPIPSec_VPNs_Part_1_Configuring_the_Infrastructure.html >>When I try to connect with L2TP/IPSec (PPTP works fine), I get an error >>message on the gateway issuing the L2TP call: >>"The L2TP attemp failed because there is no valid machine certificate >>on your computer for security authentication". >>The problem is that my "client" VPN gateway *has* a certificate. >>It has been issued by the Root CA described on the article. I tried several >>ones: key length 512 and 1024, client certificate, server certificate etc... >>My "server" VPN gateway also has its own certificate. >>Does anyone knows where this error come from? >>1) I already rebooted >>2) I think I followed the steps described in the article with 2 >>exceptions: IP Addresses and version of Windows Server (I'm using 2003). >>3) I saw MS Article #247231 but it seems that my problem is not one of >>those discussed on this article >>I put in attachment the Netowk Monitor file with the paquets exchanged >>between the 2 gateways. >>Thanks to anyone that has an idea !!!! >>Rafael ------------------------------------------------------------- NetCourrier, votre bureau virtuel sur Internet : Mail, Agenda, Clubs, Toolbar... Web/Wap : www.netcourrier.com Téléphone/Fax : 08 92 69 00 21 (0,34 ? TTC/min) Minitel: 3615 NETCOURRIER (0,15 ? TTC/min)