PLONK!!!!! ( just kidding )
--
TANSTAAFL
"there ain't no such thing as a free lunch"

"Sam Sneed" wrote in message news:[EMAIL PROTECTED]...
> I was wondering, should I go for......... haha fooled you.
>
> If it takes trickery to get this question answered so be it.
>
> don't take this post the wrong way...........
>
> I have a 3600 router that currently supports PPTP win2K clients using win2K
> client. I do not want to use Cisco client for VPN.
> What I am trying to do is authenticate using digital certificates. The Cert
> server is Win2K certificate server. I used a MS machine as VPN server with
> certificates and it works. I now need to get the Cisco router to do the
> same. Currently VPN users connect to the 3640 router and are authenticated
> via IAS using domain logons and it works fine this way.
> Has anyone implemented this? The router has certificate and it all looks OK.
> I'm not sure how to configure the router to use digital certificates to
> authenticate the users instead of username/password.
> When I try to login I get "verifying username and password" and then error
> 619 : the specified port is not connected.
>
> Here is config:
>
> aaa new-model
> aaa authentication login default group tacacs+ local line none
> aaa authentication ppp default group radius
> aaa authorization network default group radius none
> enable secret 5 $1$2MGM$ttPEfWBYGVf.Hc78TEuwn0
>
> vpdn enable
> !
> vpdn-group 1
> ! Default PPTP VPDN group
> accept-dialin
> protocol pptp
> virtual-template 1
> !
> vpdn-group 2
> !
> !
> crypto ca identity mscert
> enrollment mode ra
> enrollment url http://99.17.4.20:80/certsrv/mscep/mscep.dll
> crypto ca certificate chain mscert
> certificate 61285CC9000000000004
> ...
> ...
> 1CAC37AB 61BDC6
> quit
> certificate ra-sign 6144F532000000000002
> ..........
>
> quit
> certificate ra-encrypt 6144F7EF000000000003
> .................
> .............
> certificate ca 1B36F87430D2D4AC47DC9C0E1C4D9320
>
> interface Virtual-Template1
> ip unnumbered FastEthernet0/0
> ip nat inside
> ip mroute-cache
> no keepalive
> peer default ip address pool vpn
> ppp encrypt mppe 128 required
> ppp authentication ms-chap
> ppp timeout authentication 5
> !
> ip local pool vpn 123.17.10.31 123.17.10.254
>
> .........

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62298&t=62298