Windows Server 2008 Cert based IPSec
Hi All,

Previously I have already set up Active Directory and Network Policy and Access Services, Routing and Remote Access etc. in Server 2008 and have tested IPSec VPN using a pre-shared key from a client successfully. Now I want to implement cert-based IPSec VPN. How do I go about setting up Server 2008 for this?

I have installed an external CA pub cert into Windows Server 2008 and I can view it at the Local Computer's "Trusted Root Certificate Authorities." I have tried adding Active Directory Certificate Services but under the CA type I could not choose this CA.

Similarly, I have tried following instructions from "http://araihan.wordpress.com/2009/10/06/configure-l2tp-ipsec-vpn-using-windows-server-2008/", which shows the steps to install Network Policy Server and the Health Registration Authority, but it shows that "no Certificate Authorities has been found installed in this domain" even though I have installed the CA cert, which can be viewed at the Local Computer's "Trusted Root Certificate Authorities."

In summary, I have an external CA pub cert and the corresponding user cert (both are not Microsoft based). Now I want to set up the IPSec server in Windows Server 2008 to be cert based so that I can connect to it using a client with the corresponding user cert.

A few questions:

-> How do I do the setup? For IPSec pre-shared key it can be done easily as shown here: http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/A_4281-Windows-2008-RRAS-VPN-L2TP-with-Preshared-Key-IPsec-creation.html
-> How about cert based?
-> How do I link to the external CA?
-> Must I link to the AD users?

Thanks in advance,
Perumal
May 31st, 2011 6:54am

I don't know the answer for sure here, but I think you need to get a certificate (both private/public) key from the External CA to the NPS server. The certificate must be for that specific application, called Enhanced Key Usage (EKU). I think you should ask this question on the following forum: http://social.technet.microsoft.com/Forums/en-SG/winserverNIS/threads
April 19th, 2012 6:53pm
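
The check the reply above points at, as an added example that is not part of the original thread: a CA public certificate under "Trusted Root Certification Authorities" only lets the server trust certificates issued by that CA, while the server's own certificate (with its private key) has to sit in the Local Computer "Personal" store. This PowerShell sketch lists each certificate there with its private-key status, its EKUs and the root it chains to; it assumes it is run elevated on the VPN server, and it only reports what is installed without asserting which EKU a given deployment requires.

```powershell
# Added example: audit Local Computer\Personal for a certificate the VPN server
# could present for cert-based IPsec. Read-only; changes nothing on the system.

# Thumbprints of every root the machine trusts (where the external CA cert was imported).
$trustedRoots = Get-ChildItem Cert:\LocalMachine\Root |
    ForEach-Object { $_.Thumbprint }

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {

    # Collect the Enhanced Key Usage OIDs, if the extension is present.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = if ($ekuExt) {
        $ekuExt.EnhancedKeyUsages | ForEach-Object { "$($_.FriendlyName) ($($_.Value))" }
    } else {
        '(no EKU extension: not restricted to specific usages)'
    }

    # Build the chain without revocation lookups so the check also works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainBuilt = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        NotAfter       = $cert.NotAfter
        # False means only the public half is installed; the server cannot use it.
        HasPrivateKey  = $cert.HasPrivateKey
        EKUs           = ($ekus -join '; ')
        ChainBuilds    = $chainBuilt
        ChainTop       = $top.Subject
        # True when the chain ends at a certificate in Trusted Root.
        TopIsTrusted   = ($trustedRoots -contains $top.Thumbprint)
    } | Select-Object Subject, Issuer, NotAfter, HasPrivateKey, EKUs,
                      ChainBuilds, ChainTop, TopIsTrusted | Format-List
}
```

An empty result means the server has no certificate of its own to present, regardless of which CA certificates are trusted.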

This topic is archived. No further replies will be accepted.
