Saturday, October 06, 2012 2:00 PM
I really need your help, guys.
I am trying to configure a site-to-site L2TP over IPSec. On one end I have RRAS and on the other I have TMG 2010. I need the two machines to authenticate using certificates, not preshared keys, but I have no idea what type of certificates I need to make the two machines connect. I have a stand-alone CA on a Server 2008 machine and have distributed the root certificate of the CA to the RRAS and the TMG. I issued two "Server Certificates" - one for the RRAS and one for the TMG. Do I need to issue "IP security IKE Intermediate" certificates? The names of the certificates and the names of the machines match. When I installed the certificates they automatically went to the user certificates store. Why didn't they go the computer store? If you have the time and willingness, please address my questions. Thank you very much in advance.
Sunday, October 07, 2012 2:15 PMI guess I'm in the wrong forum.
Wednesday, October 10, 2012 2:10 AMModerator
Thanks for your post.
You need to setup an enterprise CA and create VPN template for RRAS server/TMG and VPN client. For more detailed information, you may refer to the following article. This’s step by step guide for deployment L2TP/IPsec certificate, it’s still applies to higher version.
How to create offline L2TP/IPSec Certificates
TechNet Community Support