sorry, i don't know mate :( not my strong point dude!

-----Original Message-----
From: Sam Sneed [mailto:[EMAIL PROTECTED]]
Sent: 31 January 2003 21:55
To: [EMAIL PROTECTED]
Subject: CCIE or a masters degree? [7:62287]

I was wondering, should I go for......... haha fooled you. If it takes trickery to get this question answered so be it. don't take this post the wrong way...........

I have a 3600 router that currently supports PPTP win2K clients using win2K client. I do not want to use Cisco client for VPN. What I am trying to do is authenticate using digital certificates. The Cert server is Win2K certificate server. I used a MS machine as VPN server with certificates and it works. I now need to get the Cisco router to do the same. Currently VPN users connect to the 3640 router and are authenticated via IAS using domain logons, and it works fine this way.

Has anyone implemented this? The router has a certificate and it all looks OK. I'm not sure how to configure the router to use digital certificates to authenticate the users instead of username/password. When I try to login I get "verifying username and password" and then error 619: the specified port is not connected.

Here is config:

aaa new-model
aaa authentication login default group tacacs+ local line none
aaa authentication ppp default group radius
aaa authorization network default group radius none
enable secret 5 $1$2MGM$ttPEfWBYGVf.Hc78TEuwn0
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
vpdn-group 2
!
!
crypto ca identity mscert
 enrollment mode ra
 enrollment url http://99.17.4.20:80/certsrv/mscep/mscep.dll
crypto ca certificate chain mscert
 certificate 61285CC9000000000004
  ... ... 1CAC37AB 61BDC6
  quit
 certificate ra-sign 6144F532000000000002
  ..........
  quit
 certificate ra-encrypt 6144F7EF000000000003
  ................. .............
 certificate ca 1B36F87430D2D4AC47DC9C0E1C4D9320
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip nat inside
 ip mroute-cache
 no keepalive
 peer default ip address pool vpn
 ppp encrypt mppe 128 required
 ppp authentication ms-chap
 ppp timeout authentication 5
!
ip local pool vpn 123.17.10.31 123.17.10.254
.........

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62311&t=62287