Need assistance in VPN setup

Unanswered Question

Reading over this forum, seems everyone has trouble setting up VPN access on the SA540. I'm no different.

One thing I DID figure out is, the quickVPN client works much better if you delete any IKE and/or VPN profiles first. Seems backwards I know, but if there's a a manual setup in the SA540, quickVPN sits there and gives me errors all day long. Remove setup, and it works.

Now my particular issue is, I need to establish IPSec or SSL VPN with Windows 7 / XP built-in VPN. QuickVPN users can't be stored remotely on a RADIUS server, and this is an issue I can't work around.

I'm thinking there's a connection issue due to the "local gateway" and "remote endpoint" settings. No idea what these should be set to, and the Admin Guide didn't help. As far as I can tell, there isn't a remote endpoint setting to be had, because these are remote users connecting from random IPs from across the internet.

Second issue is, having some serious trouble getting certificates to work. We don't have a PKI established anyway, but I created a lab setup with Server 2008 R2 and managed to create and upload a local cert, machine cert (to client) and a private CA cert. The SA took the pertinent certs, but client VPN either says "server certificate is not trusted" in the case of QuickVPN, or if I try connecting over L2TP/IPSec "tunnel failed - a certificate chain started processing but failed". Very annoying.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hyeh Tue, 06/08/2010 - 10:26

Hi Patrick

From your description SSL VPN probably the best solution.

It does support RADIUS server, and you don't need a VPN client

to be installed on your Wndows. A Web browser is good enough.




This Discussion