Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication



tshinder -> Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (25.Aug.2003 4:34:00 AM)

This thread is for discussing the article on calling VPN gateway using certificate authentication at:

http://isaserver.org/tutorials/g2geapcertauthpart1.html

HTH,
Tom

[ August 27, 2003, 09:02 AM: Message edited by: tshinder ]




josem -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (11.Sep.2003 10:46:00 PM)

Tom,
Will EAP/TLS work with VPN client connections also?




tshinder -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (12.Sep.2003 1:10:00 AM)

Hi Jose,

Of course! Very secure when you can't use L2TP/IPSec.

I've got an article on www.isaserver.org/shinder on how to do it, IIRC.

HTH,
Tom




kmbuchanan -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (12.Sep.2003 5:03:00 AM)

I have tried your handy-dandy handbook on ISA... but when I enable the EAP certificate auth, it gives an error 789/798 - no certificate found suitable for EAP auth.

...ideas?

I install the IPSec cert and the root CA is trusted. I have tried so many options - I am about to give up! HELP!

Tom - thanks for helping an entire community of ISA users!

-Kevin




tshinder -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (12.Sep.2003 3:15:00 PM)

Hi Kevin,

OK, I've been there myself. Guess what the problem is? The machine has to be a domain member!

Is your server a stand-alone machine?

Thanks!
Tom




kmbuchanan -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (13.Sep.2003 5:39:00 AM)

quote:
Originally posted by tshinder:
Hi Kevin,

OK, I've been there myself. Guess what the problem is? The machine has to be a domain member!

Is your server a stand-alone machine?

Thanks!
Tom





Guest -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (13.Sep.2003 5:42:00 AM)

CA Cert Server: 2k3 server - stand alone - non member

Laptop in DMZ Zone: 2k Pro - domain member

The laptop was joined to the domain on the trusted network, assigned a certificate, then moved it to the DMZ (WLAN).

-Kevin




tshinder -> RE: Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication (13.Sep.2003 7:46:00 PM)

Hi Ken,

The CA has to be an enterprise CA, and the firewall or RADIUS server has to be in the same domain as the enterprise CA.

HTH,
Tom



