I have a 3600 router that currently supports PPTP win2K clients using win2K
client. I do not want to use Cisco client for VPN.
What I am trying to do is authenticate using digital certificates. The Cert
server is Win2K certificate server. I used a MS machine as VPN server with
certificates and it works. I now need to get the Cisco router to do the
same. Currently VPN users connect to the 3640 router and are authenticated
via IAS using domain logons and it works fine this way.
Has anyone implemented this? The router has certificate and it all looks OK.
I'm not sure how to configure the router to use digital certificates to
authenticate the users instead of username/password.
When I try to log in I get "verifying username and password" and then error
619: the specified port is not connected.

Here is config:

aaa new-model
aaa authentication login default group tacacs+ local line none
aaa authentication ppp default group radius
aaa authorization network default group radius none
enable secret 5 $1$2MGM$ttPEfWBYGVf.Hc78TEuwn0

vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
vpdn-group 2
!
!
crypto ca identity mscert
 enrollment mode ra
 enrollment url http://99.17.4.20:80/certsrv/mscep/mscep.dll
crypto ca certificate chain mscert
 certificate 61285CC9000000000004
...
...
  1CAC37AB 61BDC6
  quit
 certificate ra-sign 6144F532000000000002
..........

  quit
 certificate ra-encrypt 6144F7EF000000000003
.................
.............
certificate ca 1B36F87430D2D4AC47DC9C0E1C4D9320

interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip nat inside
 ip mroute-cache
 no keepalive
 peer default ip address pool vpn
 ppp encrypt mppe 128 required
 ppp authentication ms-chap
 ppp timeout authentication 5
!
ip local pool vpn 123.17.10.31 123.17.10.254

.........




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62213&t=62213