For Windows 2000 and XP, how do I download and install the L2TP/IPsecNAT-T update?

How to tell if you need this update

If your Windows 2000 or Windows XP computer is assigned a private IP address and must go through a network address translation (NAT) device to connect to the Internet, and if you wish to make VPN connections to the Indiana University network, then you'll need Microsoft's L2TP/IPsec NAT-T patch.

Note: If you use Windows XP, you should install Windows XP Service Pack 2 (SP2), because it contains the L2TP/IPsec NAT-T update, in addition to other important system updates. Updates in SPs have gone through more testing than the original updates and may include important changes not available in the original update. For more, see What are service packs for Windows, and where can I get them?

A NAT device is any sort of router or network hardware that does network address translation between the Internet and a computer or network using private IP addresses. Most home and small office routers fit this description, though it's possible for large businesses and networks to use private IP addresses and NAT devices. If your computer's IP address falls within the following ranges, you have a private IP address and definitely connect to the Internet through a NAT device:

For information on how to find your computer's IP address, see In Windows, how do I check my computer's IP address or physical (aka MAC) address?

If you have any other IP address, you do not need this update for that specific connection. Keep in mind that you may need it for connections at other locations if you have to use private IP addresses and NAT devices there.

How to download and install the update

Note: To install items from the URL below, you must be logged in with administrative privileges. For more, see In Windows 2000 and XP, what is the Secondary Logon service?

Note: At Indiana University, the IT Security Office (ITSO) recommends that you normally run your Windows computer as a member of the Users Group, not as an administrator or a member of the Power Users Group. For more information, see In Windows 2000 and later, why should I avoid running my computer as an administrator or Power User? For tasks requiring administrative access, you can gain it quickly using the Windows Secondary Logon service. For more information, see What is the principle of least privilege?

The L2TP/IPsec NAT-T update is available from the Microsoft Update Catalog. (You must use Internet Explorer 6.0 or higher to access this web site.) From this catalog:

1. In the Search box, enter L2TP.
   
   
2. On the resulting page, select the update for your system (Windows XP or Windows 2000).

   Again, if you use Windows XP, you should install SP2 instead of this individual update.

3. On the "Language Selection" tab, make sure the setting is English.
   
   
4. In the box that appears after you make your selection, click Add to Basket and then click Close to close the window.
   
   
5. Click view basket, and then click Download.
   
   
6. Click Browse... to select a folder in which to save the update; any folder will do, as long as you remember where it is. Click Download Now.

   Note: The path to the file you choose can't be longer than 50 characters. If you save to your desktop, you will probably fall under this limit; if you try to save to a folder on your desktop, the path name may be too long, and you will need to choose another location.

7. After the file downloads, browse to the folder you saved it in, and then browse through the subfolders to find the .exe file that installs the update. The .exe filename will vary depending on which version of Windows the update is for, but it will be the only .exe file in any of those folders. For example, the filename for Windows XP SP1 is WindowsXP-KB818043-x86-ENU.exe. The filename for Windows 2000 Professional SP4 is Q818043_W2K_SP5_x86_EN.EXE. (The file may have a large string of numbers and letters between the "en" and the ".exe".) You may have to browse through as many as seven subfolders to reach the .exe file. When you find the file, double-click it.
   
   
8. After a few seconds, you will be prompted to choose a directory into which to extract the compressed files. The default directory is the one the .exe file is in; you can extract the files into that one or change it to anything you want. The files will be automatically deleted once the update is finished, so it doesn't matter where the directory is. Click OK, and the installer will launch.
   
   
9. You will see the Q818043 Setup Wizard launch. Click Next.
   
   
10. Select I Agree on the License Agreement page, and click Next.
    
    
11. The Setup Wizard will install the patch. Click Finish when it's done.

At this point, configure the VPN connection according to the directions for your operating system. For Windows XP, see In Windows XP, how do I make a VPN connection to the IU network?