Here is my situation: I am trying to set up a gateway to gateway VPN using L2TP/IPSec with EAP/TLS certificate authentication using this guide, by Tom Shinder. I have followed the guide pretty much to the T. Everything seems to have been set up properly according to the guide. My servers are Windows 2003 machines running ISA 2000. I set up a CA server on my DC and gave a machine certificate to the answering VPN server and gave a router certificate to the calling server, both of which are part of my domain. I have created an account in my AD with the same name as the VPN adapter's name. But I still can't seem to authenticate the connection properly. RAS logs this error on the answering server:
EventID: 20891
The user local_remote connected from ***.***.***.*** but failed an authentication attempt due to the following reason: Authentication was not successful because an unknown user name or incorrect password was used.
Yet in the security log it logs a success for the IKE security association and a logon by the local_remote user, plus a "Special privileges assigned to the user" message.
I have read the few posts on this subject on the forum, but the only suggestion that seems to come up was a possible DNS problem. I am using my internal DNS server, which is running on my DC.
Any help would be gratefully appreciated. Thank you.
Shan