VPN Client and Machine Certificates for Unattanded VPN access

[Mike Lanham-Hathaway]

Hi There,

I am looking for information on if it is possbile to get the MS VPN Client
to use digital authentication certificates issued into the machine
certificate store for establishing an IPsec VPN? I have a number of XP
workstations acting as information kiosks that will require secure access to
a network with no user intervention. I want to know if it is also posible to
get XP to establish this VPN at boot time rather than have a user start this
manually??

Any help would be great.

Mike

 

[Brian Komar]

You need to understand how the MS VPN client works. If you are planning on
using IPSec, the client uses L2TP over IPSec, not pure IPSec.
This means that the machine store is read for the IPSec authentication
certificate. For the actual user authenticatoin of the VPN, the certificate
must be in the user's store. Thus, you could not have the VPN launched
automatically using a machine assigned certificate. The user would have to
log on to do this or provide credential/certificate to do this

Brian

"Mike Lanham-Hathaway" <MikeLanhamHathaway@discussions.microsoft.com> wrote
in message news:4FD76545-D3E7-4F73-8A91-2516B6736309@microsoft.com...
> Hi There,
>
> I am looking for information on if it is possbile to get the MS VPN Client
> to use digital authentication certificates issued into the machine
> certificate store for establishing an IPsec VPN? I have a number of XP
> workstations acting as information kiosks that will require secure access
> to
> a network with no user intervention. I want to know if it is also posible
> to
> get XP to establish this VPN at boot time rather than have a user start
> this
> manually??
>
> Any help would be great.
>
> Mike