IPsec certificates and virtual private networks

Virtual private network (VPN) Internet Protocol security (IPsec) certificates are used in three situations, described in this topic.

IPsec tunnel mode site-to-site VPN

If you are using IPsec tunnel mode to establish a site-to-site VPN connection, you can use an IPsec certificate or a preshared key for tunnel encryption. We recommend that, for security reasons, a privately issued certificate (from your local certification authority) be used in this situation. You will be prompted to select a certificate from the local computer store of the ISA Server computer or array.

L2TP over IPsec site-to-site VPN

If your site-to-site VPN connection is made using Layer Two Tunneling Protocol (L2TP) over IPsec, you can use a computer certificate or a preshared key. We recommend that, for security reasons, a privately issued certificate (from your local certification authority) be used in this situation.

VPN clients

For VPN clients, if you enable L2TP over IPsec, you can use a computer certificate or a preshared key. We recommend that, for security reasons, a privately issued certificate (from your local certification authority) be used in this situation. If you choose to use a preshared key, this can be configured in General VPN Configuration on the Authentication tab.
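All three situations depend on a usable computer certificate in the local computer store. The following PowerShell inventory is an added example, not part of the original ISA Server documentation. It assumes PowerShell 2.0 or later, and the accepted EKU list and 30-day renewal window are assumptions to adjust to your own CA's certificate template:

```powershell
# Added example: inventory certificates in the local computer store that could
# be selected for IPsec / L2TP over IPsec. Read-only; changes nothing.

# Assumption: EKUs treated as acceptable for IPsec use. Adjust to your CA template.
$acceptedEku = @(
    '1.3.6.1.5.5.8.2.2',   # IP security IKE intermediate
    '1.3.6.1.5.5.7.3.1',   # Server Authentication
    '1.3.6.1.5.5.7.3.2'    # Client Authentication
)
$warnDays = 30             # Assumption: renewal warning window in days

$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # A certificate without an EKU extension is not restricted to any purpose.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $ekus = @()
    if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    $ekuOk = (-not $ekuExt) -or (@($ekus | Where-Object { $acceptedEku -contains $_ }).Count -gt 0)

    # Build the chain against the machine's trusted roots. Revocation checking
    # is skipped so the inventory also runs without network access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    $daysLeft = [int](($cert.NotAfter - (Get-Date)).TotalDays)

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey                 # required to authenticate
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)    # not issued by a CA
        DaysLeft      = $daysLeft
        ExpiringSoon  = ($daysLeft -lt $warnDays)
        EkuOk         = $ekuOk
        ChainTrusted  = $chainOk
    }
} | Select-Object Subject, Issuer, Thumbprint, HasPrivateKey, SelfSigned,
                  DaysLeft, ExpiringSoon, EkuOk, ChainTrusted |
    Format-List
```

A certificate that fits the recommendation above shows HasPrivateKey and ChainTrusted as True, SelfSigned as False, and an Issuer that names your local certification authority.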
