Friday, November 27, 2015

Install Computer Certificates for L2TP/IPSec

If you use an L2TP/IPSec site-to-site connection, you must install a computer certificate on both the answering router and on the calling router. You must have a certification authority (CA) in your network to issue these certificates.
You can install a computer certificate for L2TP/IPSec by using one of three methods:
  • Configure the automatic enrollment of computer certificates in a Windows Server 2003 domain system container by using Group Policy.
  • Use the Certificates snap-in to request a computer certificate.
  • Use your Web browser to connect to the CA Web enrollment pages to request a certificate.
Note
  • It is also possible to use a preshared key to provide authentication for IPSec security associations for an L2TP/IPSec connection. However, using computer certificates is the recommended method.
For information about how to create a certificate infrastructure and install computer certificates, see Certificate Services in Help and Support Center for Windows Server 2003, and see "Designing a Public Key Infrastructure" in Designing and Deploying Directory and Security Services of this kit. For more information about configuring a preshared key, see Configure a pre-shared key for a demand-dial routing interface in Help and Support Center for Windows Server 2003.
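
Whichever of the three methods you use, you can confirm on each router that a usable computer certificate was actually installed. The following check is an added example, not part of the original documentation; it assumes Windows PowerShell 2.0 or later is installed on the router, and the function name Test-ComputerCertificate is hypothetical. It reports, for each certificate in the local computer's Personal store, whether it has a private key, is inside its validity period, and chains to a root the computer trusts.

```powershell
# Added example (not from the original page). Run it on the answering router
# and on the calling router. Test-ComputerCertificate is a hypothetical name.
function Test-ComputerCertificate {
    $now = Get-Date
    # Computer certificates are kept in the Local Computer "Personal" store.
    foreach ($cert in (Get-ChildItem Cert:\LocalMachine\My)) {
        # Build the chain in the machine context ($true), so the result reflects
        # the computer's trusted roots rather than the logged-on user's.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
        $chainOk = $chain.Build($cert)
        $chainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

        # Enhanced key usages are reported for information only.
        $eku = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.FriendlyName }) -join ', '

        New-Object PSObject -Property @{
            Subject          = $cert.Subject
            Issuer           = $cert.Issuer
            NotAfter         = $cert.NotAfter
            HasPrivateKey    = $cert.HasPrivateKey
            InValidity       = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            ChainBuilds      = $chainOk
            ChainStatus      = $chainStatus
            EnhancedKeyUsage = $eku
        }
    }
}

Test-ComputerCertificate | Format-List
```

A certificate that shows HasPrivateKey, InValidity and ChainBuilds all True, with your CA as Issuer, was enrolled correctly; an empty result means no computer certificate is installed on that router.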
