Hello,
We’re moving our VPN’s from our Fortigate to our CCR1009. For now we are using the “Use IPSec” flag in L2TP Server and configuring the clients as PSK. The users are authenticating over a Windows Server 2008 with NPS as a RADIUS server.
I would like to authenticate the IPSec tunnel with certificates instead of PSK, once the PSK is not recommended. I saw that using the ‘Use IPSec’ flag creates some dynamics configs in IP - IPSec to get it working.
So I ask:
- Will I have to unflag the ipsec option in L2TP server and configure manually the IPSec?
- Can I request a certificate from RB and assign it using my internal CA? If yes, does someone know with template (in Microsoft CA enviroment) should I use?
Luiz