Ang: [VPN] W2K and XP native VPN clients to Cisco concentrator

hakan.palm at generic.se hakan.palm at generic.se
Tue Jul 1 13:34:03 EDT 2003


Alastair,

have you had a look at

Using a Microsoft Windows 2000 Client to Connect to the Cisco VPN 3000 Concentrator
http://www.cisco.com/warp/public/471/Win_client.html

(Configuring L2TP over IPSec from a Windows 2000 or XP Client to a Cisco VPN 3000 Series Concentrator Using Pre-Shared Keys)
http://www.cisco.com/warp/public/471/vpn3k_l2tp.html


Configuring the Cisco VPN 3000 Concentrator 3.0.X to Get a Digital Certificate
http://www.cisco.com/warp/public/471/installdigital.html


Configuring the Cisco VPN 3000 Concentrator 3.5.X to Get a Digital Certificate Using SCEP
http://www.cisco.com/warp/public/471/vpn3k_scep.html

HTH

Regards,
/Palm




	alastair.morrison at strath.ac.uk
2003-07-01 18:48
		
	Till:	vpn at lists.shmoo.com @ INTERNET
	Kopia:	(Blank: Hakan Palm/Generic)
	Ärende:	[VPN] W2K and XP native VPN clients to Cisco concentrator

I have been through the archives, and reading the thread
from September last year entitled "cisco limitations" (and
noting the stages that contributors to it were at) I get the
impression that the main question I have means that I am
missing something obvious.

Anyway, here is the situation and a couple of questions.

We have a Cisco 3030 VPN concentrator to which our
client W2K and XP machines currently connect using
Cisco's proprietary VPN client (no certificates).

We want to reduce the desktop support by allowing the
native W2K and XP VPN clients to attach (L2TP/IPSec).
The recommended way to do this appears to be by using
digital certificates.

As a pilot I have installed Certificate Services on a W2K
server and with it set up an Enterprise Root Certification
Authority (CA). It has produced a self-signed root certificate.

The Cisco concentrator requires the CA's certificate to
be installed before identity and SSL certificates can be
installed. The most straightforward method to achieve this
(of those provided by the concentrator) would seem to be
to upload the CA certificate file from the workstation.

However I cannot see, within the Windows Certification
Authority, how to save the CA's certificate as a file.
Can anyone advise me on this (or a better way to get that
Windows' certificate installed on the concentrator)?

Additionally, has anyone got a reference to a document on the
necessary steps to get the XP and W2K VPN clients working
with a third party VPN server, such as the Cisco concentrator?
I spent some time searching but could find no such item
(Cisco and MS sites provide pointers but nothing comprehensive,
as far as I can see)

Thanks,
Alastair Morrison

---------------------------------------------
alastair.morrison at strath.ac.uk
Strathclyde University
Glasgow      UK
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn






More information about the VPN mailing list