Guy recommends :
Free Solarwinds
VM Console

Find out which of your VMs are a waste of space and which VMs need more resources.

Custom Search

Solarwinds' free monitor makes it easy to check the performance and health of a router or firewall.

Download your free Network Device Monitor

1) FreePing
2) Engineer's Toolset
3) Xobni
4) PuTTY
5) WMI Monitor
6) BgInfo
7) Net-SNMP
8) IP Address Tracker
9) DNS Stuff
10) WinDiff Compare

L2TP Certificates in Windows Server 2003

Introduction to L2TP Certificates

L2TP (Layer two Transport Protocol) is the preferred method to secure data over a VPN. The other alternative, PPTP (Point to Point Tunnelling Protocol) is less secure and slower. For instance, only L2TP will allow IPSec data encryption.

‡

L2TP Mission

To make a L2TP VPN connection between a client and server. This turned out to be one of my most difficult configuration tasks in the whole of Windows 2003, it took two of us three days to get it to work. (We did have other jobs during the three days.)

Getting to first base

The goal here is to get a default VPN working over the LAN.

At the Server

The first stage was easy, configuring RAS on the Windows Server 2003. Right click the server object, and select the third radio button Virtual Private Network (VPN) and NAT. Then selected the Network connection, configuring a DHCP scope.

Trap One

The default Remote Access Policy Denies anyone logging in. Easy change the radio button to = Grant remote access.

Trap Two

Check the test user who will dial-in. Properties, Dial-in (tab) set to: Allow access or Control access through group policy. If necessary Raise Domain Level to Windows 2000 native. or Windows Server 2003 native.

At the client

Network connections New Connection

Trap Three

Select 'Do not dial an initial connection' - Remember this is a LAN experiment

You should now have succeeded in connecting using a VPN over your LAN, the proof will be a new computer icon low in the navigation area (Systray).

Home run - Connect your VPN using L2TP

The problem is - You get error messages when you select L2TP

From the client you select the VPN, Properties, Networking, Type of VPN and change Automatic to L2TP. You get error 789, 769 or 800.

The solution is - Install a certificate

Note we were using Windows Active Directory CA, if you are using a Stand Alone certificate server the procedure is slightly different.

Trap Four

Do use a client on a different machine. Whilst you can normally test RAS clients on the server, it does not work for L2TP

Instructions

From the client request a certificate from the server http://serverIP/certsrv (not certSVR).
Select Advanced Request, Submit a certificate request to this CA using a form
Select Administrator (User is the default). Leave all the other settings as default.
Scroll down and press - Submit
Install this certificate screen should appear.

Now try to connect using a L2TP VPN. At the client Network Connections, select the VPN, Properties, Networking, Type of VPN and change Automatic to L2TP.

Guy Recommends 3 Free Active Directory Tools

Solarwinds have produced three Active Directory add-ons. These free utilities have been approved by Microsoft, and will help to manage your domain by:

Seeking and zapping unwanted user accounts.
Finding inactive computers.
Bulk-importing new users. Give it a try.

Download your FREE Active Directory administration tools.

If you like this page then please share it with your friends

Guy Recommends:
Orion's NPM - Network Performance Monitor

Orion's performance monitor is designed for detecting network outages. NPM makes it easy to see what's working, and what needs your attention.

This utility guides you through creating network maps. It also helps troubleshooting by indicating whether the root cause is faulty equipment, or resource overload.

Download a free trial of Network Performance Monitor

Please report a broken link, or an error.