You do not need certificates nor certificate server. You can do L2TP/IPSEC with PSKs.
That is not a recommendation for/against PSK-based IPSEC VPN, you'll have to make that judgement based on your own needs. Carl -----Original Message----- From: Jim Dandy [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 30, 2008 8:14 PM To: NT System Admin Issues Subject: L2TP & Certificate server >From what I've read about Windows Server 2003, you have to have a certificate server to implement L2TP/IPSec. I don't expect to have many VPN clients. Is there a problem with buying certificates instead of running a certificate server? If I was to run my own certificate server, what best practices should I follow to keep it secure? I'm guessing it would NOT be a good idea to have the VPN server double as the certificate server (although that's what I'd like to do). I'm looking at implementing L2TP instead of PPTP because of the extra security it provides but It wouldn't do much good to have the extra security if my certificate server wasn't secure. Thanks for your help. Curt ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
