02-18-2010 02:16 AM
Hello,
customer is using a cisco-router to terminate VPN-Connections. The connections are verified using a CA-Server running Windows 2003 via SCEP.
Now customer is upgrading his server environment to Windows 2008. In a white-paper from Microsoft I found that SCEP is supported only withe Enterprise or DATA-Center Edition of Windows 2008.
Is it true, that customer needs an enterprise edition just to be able to communicate with his cisco-router?
Is there another implemenation, other than SCEP?
Any help and comments are welcome!
regards
Hubert
02-18-2010 09:07 AM
SCEP is used to enroll certificates online, I believe it is also used to check CRL lists from the CA server, if your routers are constantly enrolling to this certificate server then you will need SCEP, on the other hand, certificate enrollment can be performed offline using manual enrollment. This will apply for any vpn client connecting to the router as well.
02-21-2010 02:44 AM
Unfortunately, the NDES service (SCEP) is only supported on Enterprise or Datacenter versions of WS 2008 or 2008 R2. There is an Open Source package called OpenCA which supports SCEP. It could be installed as an intermediate CA to the Microsoft Root CA to handle the SCEP enrollment requests.
http://www.openca.org/projects/openca/
Jim
12-13-2011 03:22 AM
Hi guys!
Are there any other solutions to use Cisco-VPN+etokens without bying enterprise version of windows server? Has anyone tested cisco IOS CA + etokens? How to enroll certificates to eTokens from cisco CA? Any advices about that will be helpfull.
Thank you!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide