L2TP ASA to Windows XP / Vista with certificates

Unanswered Question
Oct 7th, 2008

I'm trying to configure an L2TP remote access connection on the ASA to connect from a Microsoft Windows XP / Vista client. I haven't found any example on Cisco's website (only for preshared-key L2TP connections), so I lack information.

First of all, what type of certificate do you need for the client? User or machine, either of them, or both?

And for the ASA? Do you know any link to configure L2TP with certificates or do you have any configuration?


hadbou Mon, 10/13/2008 - 09:17

The primary benefit of configuring L2TP with IPSec in a remote access scenario is that remote users can access a VPN over a public IP network without a gateway or a dedicated line, enabling remote access from virtually anyplace with POTS. An additional benefit is that the only client requirement for VPN access is the use of Windows 2000 with Microsoft Dial-Up Networking (DUN). No additional client software, such as Cisco VPN client software, is required. To configure L2TP over IPSec, first configure IPSec transport mode to enable IPSec with L2TP. Then configure L2TP with a virtual private dial-up network (VPDN) group.
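
The two steps above, with certificate (rsa-sig) authentication in place of a pre-shared key, as an added example configuration that is not from this thread or from Cisco documentation. It uses ASA 8.0-era syntax, and the interface name "outside", the trustpoint INTERNAL_CA, the pool L2TP_POOL, the group-policy L2TP_GP and the user "vpnuser" are all assumed names. The ASA's identity certificate and the Windows client's machine certificate are assumed to be issued by the same internal CA, which must also be in the client's machine Trusted Root store. Note that on the ASA the L2TP side is a tunnel-group; the "vpdn-group" wording belongs to IOS.

```text
! Added example configuration, not from the thread. Names are assumed.
!
! --- Certificates: import the CA certificate and the ASA identity certificate
!     first, interactively (exec mode):
!       crypto ca authenticate INTERNAL_CA     (paste the CA certificate)
!       crypto ca enroll INTERNAL_CA           (generate the CSR, sign it on the CA)
!       crypto ca import INTERNAL_CA certificate
crypto ca trustpoint INTERNAL_CA
 enrollment terminal
 crl configure
!
! --- Phase 1 (IKE): certificate authentication instead of pre-share
crypto isakmp enable outside
crypto isakmp nat-traversal 20
crypto isakmp policy 10
 authentication rsa-sig
 encryption 3des
 hash sha
 group 2
 lifetime 86400
!
! --- Phase 2 (IPSec): L2TP needs transport mode (the first step above)
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto dynamic-map outside_dyn_map 20 set transform-set TRANS_ESP_3DES_SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
!
! --- L2TP side (the second step above; a tunnel-group on the ASA)
ip local pool L2TP_POOL 192.168.100.1-192.168.100.50 mask 255.255.255.0
group-policy L2TP_GP internal
group-policy L2TP_GP attributes
 vpn-tunnel-protocol l2tp-ipsec
!
! The Windows client sends no group name, so it lands in DefaultRAGroup.
tunnel-group DefaultRAGroup general-attributes
 address-pool L2TP_POOL
 default-group-policy L2TP_GP
tunnel-group DefaultRAGroup ipsec-attributes
 trust-point INTERNAL_CA
tunnel-group DefaultRAGroup ppp-attributes
 authentication ms-chap-v2
!
! Local user for the PPP (user) authentication inside the tunnel. The mschap
! keyword is required for MS-CHAPv2 against the local user database.
username vpnuser password ExamplePass123 mschap
```

The machine certificate authenticates the IKE exchange; the PPP username and password inside the tunnel are a second, separate authentication, which is why the user entry is still needed.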

jmprats Tue, 10/14/2008 - 04:32

I know how to do an L2TP VPN with preshared key. My question is about how to do it with certificates.


tencharacters Mon, 10/20/2008 - 13:01

For Vista, you want to create an L2TP IPSec VPN connection object, then you just choose the radio button for "Use certificate for authentication".

Now, this is for machine authentication, and those certs have to be issued by an internal CA and provisioned onto each machine.

I suppose you could do this with user certs, but I'm not sure why you would.

