Use of Microsoft stand-alone root CA for VPN, Simple Certificate Enrollment Protocol (SCEP)

Discussion in 'Server Networking' started by Edward W. Ray/502974, Apr 6, 2004.

  1. I currently have a Windows 2003 native Active Directory Domain located
    behind a Netscreen-50 firewall. One of my domain controllers is set up as a
    stand-alone root CA. The Windows AD computers have no routable IPs; they
    are all NAT mapped behind the firewall. A DHCP server runs behind the
    firewall to assign static IPS to each computer which joins the domain. I
    plan to use a Netscreen 5GT at the client end to establish the VPN tunnel.
    Some questions:

    1. Can I keep the domain controller NAT-mapped or will I have to assign
    it a routable static IP?

    2. Is it possible to use SCEP to automate enrolling a PKCS10 cert

    3. Will I need to install the certificate on the 5GT prior to
    establishing the tunnel?

    4. Can a VPN connected computer join a Windows 2003 native AD domain?

    5. Can I join the remote computer to the Windows 2003 AD through the VPN
    tunnel, or will I have to join it prior to establishing the VPN tunnel?

    I already have a Netscreen doc to guide me through the VPN connection. If
    there are some corresponding Microsoft docs which address my questions,
    please provide the link.

    Thanks in advance!

    Edward W. Ray
    Edward W. Ray/502974, Apr 6, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.