Welcome to ISAserver.org

Smart Card Authentication Problem w VPN

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> VPN >> Smart Card Authentication Problem w VPN

Page: [1]

Message

<< Older Topic Newer Topic >>

Smart Card Authentication Problem w VPN - 7.Mar.2007 12:35:07 PM

AAckley

Posts: 2
Joined: 9.Feb.2006
Status: offline

My ISA 2004 server is a member of the domain so I can use user certs on smart cards for authentication. Using the VPN client with Windows XP sp2, I can connect to the VPN from the internal network (turned on for testing purposes atm) but not from the external interface.

I get:

"Error 801: This connection is configured to validate the identity of the access server, but Windows cannot verify the digital certificate sent by the server."

The problem I think is that the ISA server is serving up the wrong certificate to the client as way of verifying authentication. The server has a series of certs installed on it, most of them are their for SSL use with Web Server publishing rules but it has a computer and ipsec cert issued to the ISA.

It appears what is happening is the client is sending their cert which is issued from certissuer.mycompany.com and then trying to verify the server cert from the ISA. The ISA is sending websslcert issued by Thawte.

The root cert of my company is installed on the client PCs (and the ISA).

Any thoughts?

Thanks