| Author |
Message |
RObin
Guest
|
 Posted:
Wed Feb 09, 2005 4:57 am Post subject:
IPSEC VPN |
|
|
Hi there
I have configured a Cisco PIX to allow IPSEC VPN's to terminate on it. I can
connect using the Cisco VPN client software. However I am confused about the
Windows antive VPN functality. It mentions a lot the PPTP/IPSEC VPN in
everything I have read.
I am testing with 2000 pro and within network connections and it won't allow
me to create an IPSEC VPN. Please could somebody clrafiy if IPSEC tunnels are
supported in 2000 pro. And if anybody has any good links to read about VPN
and Windows, IPSEC
Confused. :-( |
|
| Back to top |
|
 |
S. Pidgorny
Guest
|
| Posted:
Wed Feb 09, 2005 4:15 pm Post subject:
Re: IPSEC VPN |
|
|
I believe XP doesn't support pure IPsec tunnel mode. It is available on the
server platforms with RRAS but not on the workstation products, that give
you a choice of L2TP over IPsec and PPTP. Both are supported by Cisco and
available in their IOS firewalls, PIX and VPN concentrators. You can use
EAP-TLS and smart card authentication too.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"RObin" <RObin@discussions.microsoft.com> wrote in message
news:2A636BC7-12DB-4266-B328-58BD64B8924E@microsoft.com...
| Quote: | Hi there
I have configured a Cisco PIX to allow IPSEC VPN's to terminate on it. I
can
connect using the Cisco VPN client software. However I am confused about
the
Windows antive VPN functality. It mentions a lot the PPTP/IPSEC VPN in
everything I have read.
I am testing with 2000 pro and within network connections and it won't
allow
me to create an IPSEC VPN. Please could somebody clrafiy if IPSEC tunnels
are
supported in 2000 pro. And if anybody has any good links to read about VPN
and Windows, IPSEC
Confused. :-( |
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Thu Feb 10, 2005 6:48 am Post subject:
Re: IPSEC VPN |
|
|
The Windows built in client offers both pptp and l2tp. L2tp uses ipsec for
encrypting the tunnel which is why it is referred to as l2tp/ipsec and the
connection requires a certificate or preshared key [XP Pro] which is best
used for testing purposes only. Ipsec tunnel mode can be used on a Windows
2000 or XP Pro computer to connect to an ipsec endpoint. Such an endpoint
does not use user authentication - only computer authentication via
certificate or private key and the ipsec policy is configured in Local
Security Policy/security settings/IP security. The links below explains
ipsec tunnel mode in more detail. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;252735
http://support.microsoft.com/default.aspx?scid=kb;en-us;265112
"RObin" <RObin@discussions.microsoft.com> wrote in message
news:2A636BC7-12DB-4266-B328-58BD64B8924E@microsoft.com...
| Quote: | Hi there
I have configured a Cisco PIX to allow IPSEC VPN's to terminate on it. I
can
connect using the Cisco VPN client software. However I am confused about
the
Windows antive VPN functality. It mentions a lot the PPTP/IPSEC VPN in
everything I have read.
I am testing with 2000 pro and within network connections and it won't
allow
me to create an IPSEC VPN. Please could somebody clrafiy if IPSEC tunnels
are
supported in 2000 pro. And if anybody has any good links to read about VPN
and Windows, IPSEC
Confused. :-( |
|
|
| Back to top |
|
|
S. Pidgorny
Guest
|
| Posted:
Thu Feb 10, 2005 3:18 pm Post subject:
Re: IPSEC VPN |
|
|
Steven,
The Q252735 applies to Windows 2000 Server versions, and Q265112 doesn't
have specifics about XP pro and Windows 2000 Professional configuration for
IPsec tunnel. I have never seen the systems working with 3rd-party VPN
servers using pure IPsec tubnnel - I might be wrong, but I still believe it
is neither supported nor recommended on the workstation OSs.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ec5sugyDFHA.1040@TK2MSFTNGP09.phx.gbl...
| Quote: | The Windows built in client offers both pptp and l2tp. L2tp uses ipsec for
encrypting the tunnel which is why it is referred to as l2tp/ipsec and the
connection requires a certificate or preshared key [XP Pro] which is best
used for testing purposes only. Ipsec tunnel mode can be used on a Windows
2000 or XP Pro computer to connect to an ipsec endpoint. Such an endpoint
does not use user authentication - only computer authentication via
certificate or private key and the ipsec policy is configured in Local
Security Policy/security settings/IP security. The links below explains
ipsec tunnel mode in more detail. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;252735
http://support.microsoft.com/default.aspx?scid=kb;en-us;265112
|
|
|
| Back to top |
|
|
Steven L Umbach
Guest
|
| Posted:
Fri Feb 11, 2005 6:34 am Post subject:
Re: IPSEC VPN |
|
|
Hi Svyatoslav.
I used ipsec tunnel to connect to my Netgear FVS318 [home]from my Windows
2000 Pro workstation [work] with pre shared key authentication. It actually
worked pretty good, though a bit slow. Using the VPN built in client would
be the best way to go if possible - much easier to configure and ipsec
policy configuration not recommended for the average VPN user. --- Steve
"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:O%23XV%23F1DFHA.3976@tk2msftngp13.phx.gbl...
| Quote: | Steven,
The Q252735 applies to Windows 2000 Server versions, and Q265112 doesn't
have specifics about XP pro and Windows 2000 Professional configuration
for
IPsec tunnel. I have never seen the systems working with 3rd-party VPN
servers using pure IPsec tubnnel - I might be wrong, but I still believe
it
is neither supported nor recommended on the workstation OSs.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ec5sugyDFHA.1040@TK2MSFTNGP09.phx.gbl...
The Windows built in client offers both pptp and l2tp. L2tp uses ipsec
for
encrypting the tunnel which is why it is referred to as l2tp/ipsec and
the
connection requires a certificate or preshared key [XP Pro] which is best
used for testing purposes only. Ipsec tunnel mode can be used on a
Windows
2000 or XP Pro computer to connect to an ipsec endpoint. Such an endpoint
does not use user authentication - only computer authentication via
certificate or private key and the ipsec policy is configured in Local
Security Policy/security settings/IP security. The links below explains
ipsec tunnel mode in more detail. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;252735
http://support.microsoft.com/default.aspx?scid=kb;en-us;265112
|
|
|
| Back to top |
|
|
Steve Riley [MSFT]
Guest
|
| Posted:
Sat Feb 12, 2005 2:31 am Post subject:
Re: IPSEC VPN |
|
|
While IPsec tunnel mode works in Windows XP, we don't support the use of
that for client remote-access VPNs. Pure IPsec tunnel mode is intended for
site-to-site VPNs only.
Steve Riley
steriley@microsoft.com
| Quote: | Hi Svyatoslav.
I used ipsec tunnel to connect to my Netgear FVS318 [home]from my
Windows 2000 Pro workstation [work] with pre shared key
authentication. It actually worked pretty good, though a bit slow.
Using the VPN built in client would be the best way to go if possible
- much easier to configure and ipsec policy configuration not
recommended for the average VPN user. --- Steve
"S. Pidgorny <MVP>" <slavickp@yahoo.com> wrote in message
news:O%23XV%23F1DFHA.3976@tk2msftngp13.phx.gbl...
Steven,
The Q252735 applies to Windows 2000 Server versions, and Q265112
doesn't
have specifics about XP pro and Windows 2000 Professional
configuration
for
IPsec tunnel. I have never seen the systems working with 3rd-party
VPN
servers using pure IPsec tubnnel - I might be wrong, but I still
believe
it
is neither supported nor recommended on the workstation OSs.
--
Svyatoslav Pidgorny, MVP, MCSE
-= F1 is the key =-
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:ec5sugyDFHA.1040@TK2MSFTNGP09.phx.gbl...
The Windows built in client offers both pptp and l2tp. L2tp uses
ipsec
for
encrypting the tunnel which is why it is referred to as l2tp/ipsec
and
the
connection requires a certificate or preshared key [XP Pro] which is
best
used for testing purposes only. Ipsec tunnel mode can be used on a
Windows
2000 or XP Pro computer to connect to an ipsec endpoint. Such an
endpoint
does not use user authentication - only computer authentication via
certificate or private key and the ipsec policy is configured in
Local
Security Policy/security settings/IP security. The links below
explains
ipsec tunnel mode in more detail. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;252735
http://support.microsoft.com/default.aspx?scid=kb;en-us;265112
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in