
VPN - L2TP over IPSec Certificate Issues

Status
Not open for further replies.

grnfvr

MIS
Dec 21, 2000
I have successfully set up PPTP VPN. I now want to set up the more secure L2TP over IPSec. It's my understanding that I need a "computer certificate" on both the VPN server and client. I had no problem installing certificate services and configuring a Certificate Authority on my domain controller at home. So my VPN server has a personal (local computer) certificate from my CA at home. I followed the Win2k online documentation in this process.

My problem is now how to get a computer certificate on my machine at work. I know the domain my computer is a member of does not have a CA. There is a domain in my domain forest that may have a CA. I do have the ability to join the domain, but I do not then have the privileges to add the certificate management add-in for the local computer in the MMC, so that I can request a computer certificate.

My question is: do I have any options here? Is there a way to get a certificate from my CA at home? If there is a way, will that enable me to move forward with IPSec?

Thanks for the help,
Matt
 
I haven't tried what you're doing but even if you get the certificate installed I think you're going to have problems. First, the certificate didn't come from a CA that W2K trusts. Second, if the work computer attempts to contact the cert's revocation list it probably won't be able to. Third, both computers need a certificate not just your work computer.

As for your specific problem of insufficient privileges: you need admin rights most likely. If you're not an admin and you're doing this on your work network then do your NT and Security admins a favor and stop :) Otherwise, I'm pretty sure MS TechNet has details on how to do this.
 
Actually, I have full administrative rights to the domain which my work comp is currently a part of. But that domain does not have a CA. There is another domain in our domain forest that I think has a CA, but I do not have administrative rights on that domain. Not that a certificate from the other domain's CA will do me any good, necessarily.

My question is: do I have to get certificates from the same CA on both the comp at work and the VPN server at home? I don't know enough about certificates or IPsec to know what my options are.

If I understand it right, IPsec is what needs a certificate in order to encode (on the sender) and decode (on the receiver) packets. Again, I don't know if the certificates have to be from the same CA. Somehow I doubt this because the whole idea is to join remote machines to networks. How in the world does a machine in New York get a certificate from a domain in LA unless they are WANed or the machine is taken to LA?
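An added example, not part of this thread or of any Microsoft documentation, that turns the reply's three objections (the issuing CA is not trusted by the work PC, the work PC cannot reach the certificate's revocation list, and both machines need a certificate) and the follow-up question (do both certificates have to come from the same CA?) into something you can check on each machine. The peers do not need the same CA: each side must hold a computer certificate with a private key, and each side must trust the root of the CA that issued the other side's certificate. The script assumes an elevated PowerShell session on a current Windows build (Win2k itself has no PowerShell); the store paths are the standard ones, and `C:\temp\homeca.cer` and the `*HomeCA*` subject filter are placeholders.

```powershell
# Added example, not from the thread. Two helpers for the situation described:
#  - Test-MachineCertForIpsec: on either peer, inspect the "computer certificate"
#    for an untrusted issuer, an unreachable CRL, and the presence of a private key.
#  - Import-PeerCaRoot: make this machine trust the OTHER side's CA root, which is
#    what lets certificates from two different CAs validate against each other.
# Assumes an elevated PowerShell session; file paths and CA names are placeholders.

function Test-MachineCertForIpsec {
    param([string]$Thumbprint)   # optional: restrict the check to one certificate

    $certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.HasPrivateKey }
    if ($Thumbprint) { $certs = $certs | Where-Object { $_.Thumbprint -eq $Thumbprint } }
    if (-not $certs) {
        Write-Warning "No certificate with a private key in LocalMachine\My; request or import one first."
        return
    }

    foreach ($cert in $certs) {
        Write-Host "`nSubject : $($cert.Subject)"
        Write-Host "Issuer  : $($cert.Issuer)"
        Write-Host "Expires : $($cert.NotAfter)"

        # Building the chain with online revocation checking covers the first two
        # objections: the issuer must chain to a root in this machine's Trusted Root
        # store, and the CRL named in the certificate must be downloadable from here.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
        $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
        $ok = $chain.Build($cert)

        if ($ok) {
            $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
            Write-Host "Chain   : OK, trusted root = $($root.Subject)"
        } else {
            foreach ($s in $chain.ChainStatus) {
                # On the work PC in the thread, expect UntrustedRoot (home CA not in the
                # Trusted Root store) and/or RevocationStatusUnknown (CRL URL only
                # resolvable on the home LAN).
                Write-Warning "Chain   : $($s.Status) - $($s.StatusInformation.Trim())"
            }
        }

        # CRL Distribution Points extension (OID 2.5.29.31): shows where the CRL is
        # published, so an address that only exists on the home network is obvious.
        $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        if ($cdp) { Write-Host "CRL DP  : $($cdp.Format($false))" }
        else      { Write-Host "CRL DP  : none (revocation cannot be checked)" }

        # Enhanced Key Usage: what the certificate is permitted to be used for.
        $eku = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object { Write-Host "EKU     : $($_.FriendlyName) ($($_.Value))" } }
        else      { Write-Host "EKU     : none (any purpose)" }
    }
}

function Import-PeerCaRoot {
    # Import the other peer's CA root certificate (a .cer file, which carries no
    # private key) into this machine's Trusted Root store. Afterwards a chain that
    # ends at that root builds here, even though the two peers use different CAs.
    param([Parameter(Mandatory)][string]$RootCerPath)

    $imported = Import-Certificate -FilePath $RootCerPath -CertStoreLocation Cert:\LocalMachine\Root
    Write-Host "Trusted root added: $($imported.Subject) ($($imported.Thumbprint))"
}

# Usage (placeholder path). On the home CA, export its own root certificate:
#   certutil -ca.cert C:\temp\homeca.cer
# Copy the file to the work machine, then there:
#   Import-PeerCaRoot -RootCerPath C:\temp\homeca.cer
#   Test-MachineCertForIpsec
```

Run `Test-MachineCertForIpsec` on both the VPN server and the client, since the reply's third point is that each end needs its own certificate. Importing the root only fixes the trust objection; if the CRL distribution point in the certificate names a host that is reachable only on the home LAN, the chain will still fail revocation checking from the work network, which is exactly the second objection in the reply.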
 