In Windows XP, how do I make an IPsec VPN connection to the IU network?
Note: For VPN when connecting from off campus, use the recommended SSL VPN if your campus supports it. The IPsec VPN at IUB and IUPUI will eventually be retired.
This document explains how to manually set up an IPsec virtual private network (VPN) connection in Windows XP at Indiana University Bloomington and IUPUI. If you wish to make such a connection, UITS recommends that you use the VPN installers, available from IUware. This software automatically does what the instructions in this document describe how to do manually.
Note: IU's VPN is intended for individual computing accounts only. Group and departmental accounts cannot access the VPN. See Why can't I make an IU Secure or VPN connection through an IU group or departmental account?
On this page:
Creating an IPsec VPN connection
Before you start: If you are behind a NAT device (e.g., a home or small business router) or your IP address is a private IP address, you must download an update from Microsoft before you can successfully connect using an IPsec VPN connection. To determine if this situation applies to you, refer to Microsoft article 818043.
To create an IPsec VPN connection to the IU network using Windows XP, either wirelessly or remotely:
- From the
Network Placesand select
Properties. Alternatively, from the Control Panel, open
- In the left frame in the "Network Tasks" section, click
Create a new connection.
Note: If you do not see "Network Tasks", look for
New Connection Wizardin the main window, and double-click it, or, from the
New Connection Wizardshould open. Click
Connect to the network at my workplace. Click
Virtual Private Network connectionand click
Note: If the
Virtual Private Networkoption is not available, you may need to enable the Remote Access Connection Manager service.
For help, see Microsoft Support.
- Type a name for the connection (e.g.,
IU-VPN) and click
- If your computer already has a
Dial-Up Networkingicon, you may see the following message:
"Windows can automatically dial the initial connection to the Internet or other public network before establishing the virtual connection."
If you see this message, in the
Public Networkwindow, select the connection to use to attach to your VPN:
- If you are connected to a persistent Internet
connection (e.g., Ethernet), choose
Do not dial the initial connection.
- If you must dial in to be connected to the Internet, choose
Automatically dial this initial connectionand select your Internet service provider (ISP) connection.
- If you are connected to a persistent Internet connection (e.g., Ethernet), choose
- In the
VPN Server Selectionwindow, type either
ipsec.indiana.edufor IUB or
ipsec.iupui.edufor IUPUI. Click
- If you see a message asking whether to use your smart card with
this connection, choose
Do not use my smart cardand click
- In the
Connection Availabilitywindow, select the option most appropriate for your situation.
Note: If you are using a wireless card and wish to log into a domain (including ADS) upon starting Windows XP, select
Anyone's use, which will make the VPN connection available when you choose
Log on using dial-up connectionat the login screen.
- On the last screen, if you want a shortcut icon on your
desktop for the new connection, select
Add a shortcut to this connection to my desktop. Click
Configuring your VPN connection
- After you've created your VPN connection, Windows XP should open
the connection automatically for you. If it does, select
Properties. If it does not, right-click the new connection icon, and then select
- Click the
Prompt for name and password, certificate, etc.and
Include Windows Logon Domain.
- Click the
Networkingtab. Set "Type of VPN:" to
L2TP IPSec VPN.
- Under "This connection uses the following items:", only the
following should be checked:
Internet Protocol (TCP/IP)
File and Printer Sharing for Microsoft Networks
Client for Microsoft Networks
QoS Packet Scheduler
TCP/IP, and then click
- Select both
Obtain an IP address automaticallyand
Obtain DNS server address automatically, and then click
- Click the
If you chose
L2TP IPSec VPNabove, click
IPSec Settings.... Check
Use pre-shared key for authentication, and, in the "Key:" field, type
Note: If you set "Type of VPN:" to
PPTP VPNabove, proceed to the next step.
Advanced (custom settings), and then click
- Under "Logon Security", select
Allow these protocols, and make sure the only checkbox selected is
Microsoft CHAP Version 2 (MS-CHAP v2). Click
Establishing the VPN connection
- After configuring your VPN connection, you should see the
authentication screen for your new connection. If you don't
see it, double-click the new connection icon. Alternatively, from the
Settings, and then
Network Connections), and select the connection.
- Enter your IU Network ID username and passphrase; for
the domain, enter
When the connection is established, you should see a new icon in the notification area. This icon is identical to the one for dial-up connections.
Note: It may take up to a minute to establish a connection with the VPN server. If you have problems connecting, note any error messages and contact your campus Support Center.
To disconnect and terminate the connection, double-click the icon
in the notification area and choose
Last modified on January 31, 2013.