Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

In Windows XP, how do I make an IPsec or PPTP VPN connection to the IU network?

Note: When connecting from off campus, SSL VPN is the replacement for IU's IPsec- and PPTP-based VPN services, and UITS recommends using it now if your campus supports it. PPTP is retired at IU Bloomington and IUPUI, and IPsec VPN service at those campuses will be retired by fall 2010.

IU Secure is the wireless network for students, faculty, and staff to access when on campus. IU Secure uses WPA2 Enterprise (Wi-Fi Protected Access) for authentication; no VPN is needed. IU Northwest will have IU Secure by spring semester 2010; it is available at all other campuses except IPFW.

Before you start: If you are behind a NAT device (e.g., a home or small business router) or your IP address is a private IP address, you must download an update from Microsoft before you can successfully connect using an IPsec VPN connection. To determine if this situation applies to you, refer to For Windows 2000, XP, or Vista, how do I download and install the L2TP/IPsecNAT-T update?

This document explains how to manually set up an IPsec or PPTP VPN connection in Windows XP at Indiana University Bloomington and IUPUI. If you wish to make such a connection, UITS recommends that you use the VPN installers, available from IUware Online. This software automatically does what the instructions in this document describe how to do manually.

On this page:

Introduction

Note: IU's VPN is intended for individual computing accounts only. Group and departmental accounts cannot access the VPN. See Why can't I make a VPN connection through an IU group or departmental account?

Creating an IPsec or PPTP VPN connection

To create an IPsec or PPTP virtual private network (VPN) connection to the IU network using Windows XP, either wirelessly or remotely:

  1. In the Windows XP default view, from the Start menu, right-click Network Places and select Properties. In Classic View, from the Start menu:

    1. Click Settings, and then Control Panel.
    2. In the Control Panel window, if "Pick a category" appears in large print, on the left frame in the "Control Panel" section, click Switch to Classic View.
    3. In the main window, you should now see all the control panels. Double-click Network Connections.

  2. In the left frame in the "Network Tasks" section, click Create a new connection.

    Note: If you do not see "Network Tasks", look for New Connection Wizard in the main window, and double-click it. You also may go to the File menu and choose New Connection there.

  3. The New Connection Wizard should open. Click Next and select Connect to the network at my workplace. Click Next again.

  4. Select Virtual Private Network connection and click Next.

    Note: If the Virtual Private Network option is not available, you may need to enable the Remote Access Connection Manager service; see In Windows 2000 or XP Professional, why is the option to create a VPN connection unavailable?

  5. Type a name for the connection (e.g., IU-VPN ) and click Next. You can enter any name you wish.

  6. Note: If your computer already has a Dial-Up Networking icon, at this point you may see the following message:

    "Windows can automatically dial the initial connection to the Internet or other public network before establishing the virtual connection".

    If you don't see the above message, proceed directly to the VPN Server Selection window (see step 7). If you do see the message:

    • In the Public Network window, you must tell Windows what public network connection you will use to attach to your VPN:

      • If you are connected to a persistent Internet connection (e.g., Ethernet), choose Do not dial the initial connection.
      • If you must dial in to be connected to the Internet, choose Automatically dial this initial connection and select your Internet service provider (ISP) connection.

    • Click Next.

  7. In the VPN Server Selection window, type the name or IP address of the VPN server, and then click Next.

    Use the table below to find your VPN server for both remote (e.g., cable modem, DSL, or outside Internet service provider) and wireless VPN connections:

    Campus VPN server
    IU Bloomington ipsec.indiana.edu
    IU East vpn.iue.edu
    IU Kokomo vpn.iuk.edu
    IU Northwest 149.162.8.2
    IUPUI ipsec.iupui.edu
    IU South Bend vpn.iusb.edu
    IU Southeast vpn.ius.edu
  8. At this point, you may see the message:

    "You can configure this connection to use your smart card to log you into the remote network. Select whether to use your smart card with this connection".

    Choose Do not use my smart card and click Next.

  9. In the Connection Availability window, select the option most appropriate for your situation. Click Next.

    Note: If you are using a wireless card and wish to log into a domain (including ADS) upon starting Windows XP, you must select the Anyone's use option. Selecting this option will make the VPN connection available when you choose Log on using dial-up connection at the login screen.

  10. On the last screen, if you want a shortcut icon on your desktop for the new connection, select Add a shortcut to this connection to my desktop. Click Finish.

Configuring your VPN connection

To properly configure your VPN connection:

  1. After you've created your VPN connection, Windows XP should open the connection automatically for you. If it does, select Properties. If it does not, right-click the new connection icon, and then select Properties.

  2. Click the Options tab. Check Prompt for name and password, certificate, etc. and Include Windows Logon Domain.

  3. Click the Networking tab. If you're on the Bloomington or Indianapolis campus, set "Type of VPN:" to L2TP IPSec VPN. If you're on any other campus, set it to PPTP VPN.

  4. In the "This connection uses the following items:" field, only the following should be checked:

    • Internet Protocol (TCP/IP)
    • File and Printer Sharing for Microsoft Networks
    • Client for Microsoft Networks
    • QoS Packet Scheduler

  5. Select TCP/IP, and then click Properties.

  6. Select both Obtain an IP address automatically and Obtain DNS server address automatically, and then click OK.

  7. Click the Security tab.

  8. If you selected PPTP VPN in step 3 above (i.e., if you set "Type of VPN:" to PPTP VPN), skip ahead to step 10.

    If you selected L2TP IPSec VPN, click IPSec Settings... and proceed to the next step.

  9. Check Use pre-shared key for authentication. Then, in the "Key:" field, type hermanbwells . Click OK.

  10. Select Advanced (custom settings), and then click Settings... .

  11. Under "Logon Security", select Allow these protocols, and make sure the only checkbox selected is Microsoft CHAP Version 2 (MS-CHAP v2). Click OK and then Close.

Establishing the VPN connection

To establish a VPN connection:

  1. After configuring your VPN connection, you should be back to the authentication screen for your new connection. If not, get there by double-clicking the new connection icon. Or, in XP's default Start menu, click Start, then Connect To, and finally the name of the connection. In XP's Classic Start menu, click Start, then Settings, then Network Connections, and finally the name of the connection.

  2. You will see a place to enter a username, password, and domain. Enter your IU Network ID credentials, and in the domain field, enter ADS . Click Connect.

    Note: It may take up to a minute to establish a connection with the VPN server. Please be patient. If you have problems connecting, note any error messages and contact your campus Support Center.

  3. When the connection is established, you should see a new icon in the system tray. This icon is identical to the one for dial-up connections.

  4. To disconnect and terminate the connection, double-click the icon in the system tray and choose Disconnect.
This is document akko in domain all.
Last modified on October 12, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.