Install Certificate on non-domain member
Hello All,
Hoping you can help me with this query. I have set up an L2TP/IPSEC VPN to our corporate network (all Windows 7 & 2008 R2) and it all works fine. If I use the auto enrollment policy to install a machine certificate on a domain member then it has no issues connecting to the network through the VPN.
I also need to allow users to connect from their home PCs. These PCs are not on the domain and therefore cannot use the autoenrollment process. I can allow them to connect via PPTP in order to get a certificate, but when I use the web enrollment as a normal user the only templates available are User and Basic EFS.
I have successfully installed the Root CA on the home clients.
Can anyone please point me in the right direction to install a machine certificate on a PC which is not part of the domain? Alternatively, is it possible to use user certificates instead of machine certificates for the IPSEC connection?
Thanks in advance.
Regards,
John Paul
September 8th, 2011 5:02pm
Yes, it is possible to use user certificates instead of computer certificates for the IPSec connection.
Using the Web enrollment pages, generate a user certificate on the non-domain member and make sure you select "Mark keys as exportable". Export the certificate and key from the user store and import it to the computer store.
/Hasain
September 9th, 2011 12:07am
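The export and import step described in the answer above, as an added example that is not part of the original thread: a PowerShell script using the .NET `X509Store` classes, which passes the PFX in memory rather than through a file and does not mark the key exportable in the computer store. The thumbprint is a placeholder, and the script assumes an elevated prompt running under the same account that enrolled the certificate.

```powershell
# Added example: copy an enrolled user certificate and its key into the computer store.
# Run as a script from an elevated prompt, as the user who enrolled the certificate.
param(
    # Placeholder: thumbprint of the certificate obtained through web enrollment
    [string]$Thumbprint = '<THUMBPRINT-OF-USER-CERT>'
)

$X509 = 'System.Security.Cryptography.X509Certificates'

# 1. Locate the certificate in the current user's Personal store
$userStore = New-Object "$X509.X509Store" 'My', 'CurrentUser'
$userStore.Open('ReadOnly')
$cert = $userStore.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
$userStore.Close()
if (-not $cert) { throw "No certificate $Thumbprint in CurrentUser\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key attached' }

# 2. Export certificate + key to an in-memory PFX protected by a throwaway password,
#    so no key file is left on disk.
$pfxPassword = [Guid]::NewGuid().ToString()
try {
    $pfxBytes = $cert.Export('Pfx', $pfxPassword)
} catch {
    throw 'Export failed; was "Mark keys as exportable" selected at enrollment?'
}

# 3. Re-import into machine key storage. The Exportable flag is deliberately not set,
#    so the key cannot be exported again from the computer store.
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'
$machineCert = New-Object "$X509.X509Certificate2" -ArgumentList $pfxBytes, $pfxPassword, $flags

# 4. Add it to the computer's Personal store (access denied here means not elevated)
$machineStore = New-Object "$X509.X509Store" 'My', 'LocalMachine'
$machineStore.Open('ReadWrite')
$machineStore.Add($machineCert)
$found = $machineStore.Certificates | Where-Object { $_.Thumbprint -eq $Thumbprint }
$machineStore.Close()

# 5. Confirm the certificate and its key are where the IPsec connection will look
if ($found -and $found.HasPrivateKey) {
    "Installed $($found.Subject) in LocalMachine\My with private key"
} else {
    throw 'Certificate not found in LocalMachine\My after import'
}
```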
Thanks Hasain,
That worked perfectly, I was so close yet so far away :)
Regards,
JP
September 12th, 2011 11:16am


