• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2000 Firewall] >> VPN >> Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication Page: [1]
Login
Message << Older Topic   Newer Topic >>
Discussion on Configuring Calling VPN Gateway to use EA... - 25.Aug.2003 4:34:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
This thread is for discussing the article on calling VPN gateway using certificate authentication at:

http://isaserver.org/tutorials/g2geapcertauthpart1.html

HTH,
Tom

[ August 27, 2003, 09:02 AM: Message edited by: tshinder ]
Post #: 1
RE: Discussion on Configuring Calling VPN Gateway to us... - 11.Sep.2003 10:46:00 PM   
josem

 

Posts: 33
Joined: 23.Apr.2001
From: New York
Status: offline
Tom,
Will EAP/TLS work with VPN client connections also?

(in reply to tshinder)
Post #: 2
RE: Discussion on Configuring Calling VPN Gateway to us... - 12.Sep.2003 1:10:00 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Jose,

Of course! Very secure when you can't use L2TP/IPSec.

I've got an article on www.isaserver.org/shinder on how to do it, IIRC.

HTH,
Tom

(in reply to tshinder)
Post #: 3
RE: Discussion on Configuring Calling VPN Gateway to us... - 12.Sep.2003 5:03:00 AM   
kmbuchanan

 

Posts: 13
Joined: 3.Sep.2003
From: Lexington, NC
Status: offline
I have tried your handy-dandy handbook on ISA...but when I enable the EAP certificate auth, it gives an eror 789/798 - no certificate found suitable for eap auth.

...ideas?

I install the IPSec cert and the root CA is trusted. I have tried so many options - I am about to give up! HELP!

Tom - thanks for helping an entire community of ISA users!

-Kevin

(in reply to tshinder)
Post #: 4
RE: Discussion on Configuring Calling VPN Gateway to us... - 12.Sep.2003 3:15:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kevin,

OK, I've been there myself. Guess what the problem is? The machine has to be a domain member!

Is your server a stand-alone machine?

Thanks!
Tom

(in reply to tshinder)
Post #: 5
RE: Discussion on Configuring Calling VPN Gateway to us... - 13.Sep.2003 5:39:00 AM   
kmbuchanan

 

Posts: 13
Joined: 3.Sep.2003
From: Lexington, NC
Status: offline
quote:
Originally posted by tshinder:
Hi Kevin,

OK, I've been there myself. Guess what the problem is? The machine has to be a domain member!

Is your server a stand-alone machine?

Thanks!
Tom


(in reply to tshinder)
Post #: 6
RE: Discussion on Configuring Calling VPN Gateway to us... - 13.Sep.2003 5:42:00 AM   
Guest
CA Cert Server: 2k3 server - stand alone - non member

Laptop in DMZ Zone: 2k Pro - domain member

The laptop was joined to the domain on the trusted network, assigned a certificate, then moved it to the DMZ (WLAN).

-Kevin

(in reply to tshinder)
  Post #: 7
RE: Discussion on Configuring Calling VPN Gateway to us... - 13.Sep.2003 7:46:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Ken,

The CA has to be an enterprise CA, and the firewall or RADIUS server has to be in the same domain as the enterprise CA.

HTH,
Tom

(in reply to tshinder)
Post #: 8

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2000 Firewall] >> VPN >> Discussion on Configuring Calling VPN Gateway to use EAP/TLS cert authentication Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts