In secpol.msc under "ip security policies on local machine". open up one of the pre built policies and go to authentication. you have a choice of pre shared key,cert and kerberos. kerberos is checked off as the default. Thanks
-----Original Message----- From: Bernard, Aric [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 11:51 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Can you clarify as to where you are seeing Kerberos as an option for L2TP/IPSEC? Thanks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, November 24, 2004 8:41 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Then why oh why is kerberos an option? thanks -----Original Message----- From: Bernard, Aric [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 24, 2004 11:37 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Hate to beg.. Tom, I do not think you can use L2TP/IPSEC without a certificate. Regards, Aric -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Wednesday, November 24, 2004 8:28 AM To: ActiveDir (E-mail) Subject: [ActiveDir] Hate to beg.. I don't want to beat a dead horse,but can someone point me to a doc or resource on configuring Win2k RRAS VPN server for L2TP/IPsec with WinXP clients using Kerberos and NOT pre-shared keys or certs? I have edited ipsec gpo's on both client and RRAS server and still I get a "need cert" error. Please help. Thanks. I know I've been sending alot of emails to the list on this but i really would like to get it going. I have 10 winxp domain members(user and machine) that need to connect over a dsl link thru the internet to us for exchange email,auth,and term services. I wanted to implement a RRAS IPsec solution so i wouldn't have to push out vpn clients. This dept of users does not have the money to buy a dedicated server for end to end RRAS so I think this solution works best. However,right now its a chicken and egg thing so i can't push out a cert and would rather use IPsec instead of pptp. Thanks again List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/