Brief description:
An L2TP/IPsec VPN uses IPsec for data encryption and provides both computer authentication and user authentication: the identity of the computer is verified before the L2TP/IPsec connection is established, and the identity of the dial-in user is verified afterwards. Computer authentication can be done in two ways:
1. Pre-shared key
2. Certificate authentication
The following experiment uses L2TP/IPsec certificate authentication for a site-to-site VPN:
Figure: The Beijing head office and the Tianjin branch establish a site-to-site L2TP VPN through ISA.
My experimental environment is shown below:
03server01: Beijing ISA
03server02: Tianjin ISA
08server01: DC
XP01: Beijing PC
XP02: Tianjin PC
The IP addresses of the machines above are configured according to the network topology. The Beijing head office is a domain environment, but the Beijing ISA server is not joined to the domain; the Tianjin branch is a workgroup environment.