Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setup RRAS to use L2TP/IPSEC not PPTP?

Status
Not open for further replies.

gavm99

IS-IT--Management
May 18, 2004
809
GB
Hi all,

What I want to do is use RRAS to setup a IPSEC tunnel. I then want to be able to configure home PC's to connect in using IPSEC.

I have done this on many occasions with PPTP but never with IPSEC.

Can you please advise me if this is possible?
How I go about doing it?

Thanks in advance.
 
The whole process of using L2TP/IPSec is quite different that PPTP. I know it's old, and a custom MS thing but generally I prefer PPTP - because it's simple. I personally don't have time or the will to mess around with certificates on clients so opt for PPTP.

However, IPSec offers a big advantage in that you know that the device is authorised as well as the user. (The device must have a valid certificate, along with a username/password).

In terms of getting RRAS setup, it's the usual wizard, but once done go into the ports properties, 'Configure' the PPTP port and tell it not to be used for remote connections.

This will ensure that the RRAS server will only take in IPSec/L2TP connections instead.
Regarding setting up the rest of the infrastructre (certs) I'll leave that to someone else! :)

Cheers,




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Hi Steve and All,

I have setup RRAS from you advice and that makes sense. However I'm now at the same point you mentioned, I need to know how to setup and issue certificates to clients? Does anyone know how to do this? I'm guessing on the server all you do is install and configure certificate services. How do I configure the client though? How does it get the certificate?

Any help would be appreciated.
 
From the little I know about it you need to get the client to request the certificate from a CA - but that's more of an assumption than anything else.

Try and
Should give you a pretty good guide.




Steve.

"They have the internet on computers now!" - Homer Simpson
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top