In Windows XP, how do I make a VPN connection to the IU network?

Before you start: If you are behind a NAT device (e.g., a home or small business router) or your IP address is a private IP address, you must download an update from Microsoft before you can successfully connect using an IPsec VPN connection. To determine if this situation applies to you, refer to For Windows 2000 and XP, how do I download and install the L2TP/IPsecNAT-T update?

This document explains how to manually set up a VPN connection in Windows XP at Indiana University Bloomington and IUPUI. UITS recommends that you set up a VPN connection to IU for Windows XP by using the VPN Installers, available from the IUware CD or from IUware Online at:

http://iuware.iu.edu/list.aspx?id=134

This software automatically does what the instructions in this document describe how to do manually.

On this page:

Introduction

Note: IU's VPN is intended for individual computing accounts only. Group and departmental accounts cannot access the VPN. See Why can I not make a VPN connection through an IU group or departmental account?

Note: To use the wireless network on any Indiana University campus, you must first ensure that you have a strong wireless connection signal. For added security and full access to IU resources, you need to establish a VPN connection. IU students, faculty, and staff need to register their computers before making a wireless connection at IU Bloomington and IUPUI. See the instructions in the "On-campus wireless" section of At IUB and IUPUI, how do I register my computer? (If you are using a Network Access account, instead see At IUB and IUPUI, what is a Network Access account, and how do I get one?)

Creating a VPN connection

To create a virtual private network (VPN) connection to the IU network using Windows XP, either wirelessly or remotely, follow these steps:

In the Windows XP default view, from the Start menu, right-click Network Places and select Properties. In the Windows XP Classic View, from the Start menu, follow these steps:
1. Click Settings, and then Control Panel.
2. In the Control Panel window, if "Pick a category" appears in large print, on the left frame in the "Control Panel" section, click Switch to Classic View.
3. In the main window, you should now see all the control panels. Double-click Network Connections.
In the left frame in the "Network Tasks" section, click Create a new connection.
Note: If you do not see "Network Tasks", look for New Connection Wizard in the main window, and double-click it. You also may go to the File menu and choose New Connection there.
The New Connection Wizard should open. Click Next and select Connect to the network at my workplace. Then, click Next again.
Select Virtual Private Network connection and click Next.
Note: If the Virtual Private Network option is not available, you may need to enable the Remote Access Connection Manager service. For more information, see In Windows 2000 or XP Professional, why is the option to create a VPN connection unavailable?
Type a name for the connection (e.g., IU-VPN ) and click Next. You can enter any name you wish.
Note: If your computer already has a Dial-Up Networking icon, at this point you may see the following message:
"Windows can automatically dial the initial connection to the Internet or other public network before establishing the virtual connection".
If you don't see the above message, proceed directly to the VPN Server Selection window (see step 7). If you do see the message, do the following:
- In the Public Network window, you must tell Windows what public network connection you will use to attach to your VPN:
  - If you are connected to a persistent Internet connection (e.g., Ethernet), you should choose Do not dial the initial connection.
  - If you must dial in to be connected to the Internet, you should choose Automatically dial this initial connection and select your Internet service provider (ISP) connection.
- Click Next.

In the VPN Server Selection window, type the name or IP address of the VPN server, and then click Next.

Use the table below to find your VPN server for both remote (e.g., cable modem, DSL, or outside Internet service provider) and wireless VPN connections:

Campus	VPN server

IU Bloomington	`ipsec.indiana.edu`
IU East	`vpn.iue.edu`
IU Kokomo	`vpn.iuk.edu`
IU Northwest	`149.162.8.2`
IUPUI	`ipsec.iupui.edu`
IU South Bend	`vpn.iusb.edu`
IU Southeast	`vpn.ius.edu`

At this point, you may see the message:
"You can configure this connection to use your smart card to log you into the remote network. Select whether to use your smart card with this connection".
Choose Do not use my smart card and click Next.
In the Connection Availability window, select the option most appropriate for your situation. Click Next.
Note: If you are using a wireless card and wish to log into a domain (including ADS) upon starting Windows XP, you must select the Anyone's use option. Selecting this option will make the VPN connection available when you choose Log on using dial-up connection at the login screen.
On the last screen, if you want a shortcut icon on your desktop for the new connection, select Add a shortcut to this connection to my desktop. Click Finish.

Configuring your VPN connection

To properly configure your VPN connection, follow these steps:

After you've created your VPN connection, Windows XP should open the connection automatically for you. If it does, select Properties. If it does not, right-click the new connection icon, and then select Properties.
Click the Options tab. Check the boxes for Prompt for name and password, certificate, etc. and Include Windows Logon Domain.
Click the Networking tab. If you're on the Bloomington or Indianapolis campus, set "Type of VPN:" to L2TP IPSec VPN. If you're on any other campus, set it to PPTP VPN.
In the "This connection uses the following items:" field, only the following should be checked:
- Internet Protocol (TCP/IP)
- File and Printer Sharing for Microsoft Networks
- Client for Microsoft Networks
Select TCP/IP, and then click Properties.
Select both Obtain an IP address automatically and Obtain DNS server address automatically, and then click OK.
Click the Security tab.
If you selected PPTP VPN in step 3 above (i.e., if you set "Type of VPN:" to PPTP VPN), skip ahead to step 10.
If not, if you selected L2TP IPSec VPN, click the IPSec Settings... button and proceed to the next step.
Check the box labeled Use pre-shared key for authentication. Then, in the "Key:" field, type hermanbwells . Click OK.
Select Advanced (custom settings), and then click Settings... .
Under "Logon Security", select Allow these protocols, and make sure the only checkbox selected is Microsoft CHAP Version 2 (MS-CHAP v2). Click OK and then Close.

Establishing a VPN connection

To establish a VPN connection, follow these steps:

After configuring your VPN connection, you should be back to the authentication screen for your new connection. If not, get there by double-clicking the new connection icon. Or, in XP's default Start menu, find it by clicking Start, then Connect To, and finally the name of the connection. In XP's Classic Start menu, click Start, then Settings, then Network Connections, and finally the name of the connection.
Note: It may take up to a minute to establish a connection with the VPN server. Please be patient. If you have problems connecting, note any error messages and contact your campus Support Center.
You will see a place to enter a username, password, and domain. Enter your IU username and password, and in the domain field, enter ADS .
When the connection is established, you should see a new icon in the system tray. This icon is identical to the one for dial-up connections.
To disconnect and terminate the connection, double-click the icon in the system tray and choose Disconnect.

Also see:

This is document akko in domain all.
Last modified on November 30, 2007.

Please tell us, did you find the answer to your question?