• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Certificates and L2TP/IPSEC

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> Certificates and L2TP/IPSEC Page: [1]
Login
Message << Older Topic   Newer Topic >>
Certificates and L2TP/IPSEC - 11.Aug.2008 12:05:49 PM   
Ross G

 

Posts: 11
Joined: 5.Aug.2004
From: Michigan
Status: offline
Hi all,

I have a server (server.mydomain.com) with ISA 2006 and am using it as an L2TP VPN server.  My problem is we want it to be named vpn.mydomain.com externally, so it's easy to remember.  This is no problem with PPTP as I can just point a host or alias record there, but with L2TP of course that name (vpn.mydomain.com) doesn't match the computer certificate name (server.mydomain.com) on the machine so authentication fails.

I've tried a few logical ways around this:

*Add certificates of type IPsec, Web Server with the vpn.mydomain.com name - this does not work because it defaults to the computer cert.  Even if the computer cert is removed it won't use these.
*Copy the computer cert to my own template and enroll, supplying the name I want - This does not work because it won't use the cert (makes me wonder, is it being super-picky and only using certificates with the standard "machine" template?)
*Tried creating standard "machine" cert with alt names matching the name I want, receive an error.  This may be because the "machine" template is set to get names from AD vs in the request.
*Thought about adding a RADIUS server where I know I can select my cert from a list, but really do not want to add that extra dependency to the VPN service.
*Thought about having clients check the "match domain only" option, but want to avoid relying on users doing this if at all possible.

So I'm wondering, is there any way to control what certificate ISA will use for the L2TP VPN without using RADIUS?

Thanks,
Ross

< Message edited by Ross G -- 12.Aug.2008 2:32:02 PM >
Post #: 1
RE: Certificates and L2TP/IPSEC - 12.Aug.2008 2:33:31 PM   
Ross G

 

Posts: 11
Joined: 5.Aug.2004
From: Michigan
Status: offline
Solved this myself, answer is here about half way down.

http://technet.microsoft.com/en-us/library/cc759575.aspx

(in reply to Ross G)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> Certificates and L2TP/IPSEC Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts