Article: vtkb2316.htm
Difficulty: Difficult
Time to Complete (minutes): 60
Last Updated: Apr 02, 2007


Question:

How do I configure a Virtual Private Network (VPN) to connect to the Virginia Tech Modem Pool via Layer 2 Tunneling Protocol (L2TP) over IP Security Protocol (IPSec) in Windows XP?

Answer:

Notes:

To configure VPN over IPSec, you will need to edit your registry, set up IPSec, and then set up your L2TP connection.

  1. Edit your registry to create the ProhibitIPSec DWORD value.
    1. From the Start menu, select Run.
    2. In the Open text box, type: regedit
    3. Click OK.
    4. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters.
    5. From the Edit menu, select New, and then select DWORD Value. A text box will appear.
    6. In the text box, type: ProhibitIPSec
    7. Press the Enter key.
    8. Double-click ProhibitIPSec.
    9. In the Value Data text box, type: 1
    10. Click OK.
    11. Close the Registry Editor.
    12. Restart your computer.
  2. Download the IPSec policy file.
    1. Go to Notes on Using Virginia Tech's VPN Pilot Service (https://rdweb.cns.vt.edu/~cgaylord/vpn/).
    2. In the User Name text box, type your PID.
    3. In the Password text box, type your PID password.
    4. Click OK.
    5. Click the W2k Ipsec Policy File for VPN link.
    6. Save the file to your desktop.
  3. Import the IPSec policy.
    1. From the Start menu, select Control Panel.
    2. Click the Performance and Maintenance link.
    3. Click the Administrative Tools link.
    4. Double-click the Local Security Policy icon.
    5. In the left pane, select IP Security Policies on Local Computer.
    6. From the Action menu, select All Tasks, and then select Import Policies.
    7. From the Look In drop-down list, select Desktop.
    8. Select the VT-VPN-Policy.ipsec file.
    9. Click the Open button.
    10. Select and assign the appropriate policy.
      Note: For assistance, contact your network administrator.
      • To block the NetBIOS over TCP/IP (NBT) protocol: Right-click Encrypt VPN; Block NBT, and select Assign.
      • To allow the NetBIOS over TCP/IP (NBT) protocol: Right-click Encrypt VPN; Allow NBT, and select Assign.
  4. Set up your L2TP connection.
    1. From the Start menu, select Control Panel.
    2. Click the Network and Internet Connections link.
    3. Click the Network Connections link.
    4. Click the Create a New Connection link.
    5. Click Next.
    6. Select the Connect to the Network at My Workplace option.
    7. Click Next.
    8. Select the Virtual Private Network Connection option.
    9. Click Next.
    10. In the Company Name text box, type: Virginia Tech L2TP Over IPSec
    11. Click Next.
    12. If present, select the Do Not Dial the Initial Connection option.
    13. Click Next.
    14. In the Host Name or IP Address text box, type: IPSec.cns.vt.edu
    15. Click Next.
    16. Select the Anyone's Use or My Use Only option.
    17. Click Next.
    18. Click Finish. The Connect to Virginia Tech L2TP Over IPSec window will open.
    19. Click the Properties button.
    20. Select the Security tab.
    21. Select the Advanced option.
    22. Click the Settings button.
    23. Select the Allow These Protocols option.
    24. Place a check in the Unencrypted Password (PAP) check box.
      Note: PAP does not encrypt your password itself, but the password is sent inside the tunnel, which is encrypted through IPSec.
    25. Click OK.
    26. Click the Yes button.
    27. Click the IPSec Settings button.
    28. Place a check in the Use Pre-shared Key For Authentication check box.
    29. In the Key text box, type: vatech
    30. Click OK.
    31. In the Virginia Tech L2TP Over IPSec window, click OK.
    32. In the Username text box, type your PID.
    33. In the Password text box, type your PID password.
    34. Click the Connect button.
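
The following read-only PowerShell check is an added example, not part of the original article. Setting ProhibitIPSec to 1 stops Windows from building its automatic IPSec filter for L2TP, so the policy imported in step 3 is what encrypts the tunnel; the script confirms the registry value, the IPSEC Services service, and the assigned policy before you connect. The policy store path, the ActivePolicy and ipsecName value names, and the function names are assumptions, not taken from the article.

```powershell
# Added example: read-only check; changes nothing on the machine.
$rasKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\RasMan\Parameters'
# Assumption: Windows XP keeps local IPSec policies under this key.
$storeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
# Policy names as given in step 3 of the article.
$expected = 'Encrypt VPN; Block NBT', 'Encrypt VPN; Allow NBT'

function Get-RegValue($path, $name) {
    # Returns $null when the key or the named value does not exist.
    $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    if ($item -ne $null) { $item.$name }
}

function Test-VpnPrereqs {
    $prohibit = Get-RegValue $rasKey 'ProhibitIPSec'
    $service  = Get-Service -Name PolicyAgent -ErrorAction SilentlyContinue
    # Assumption: ActivePolicy holds the HKLM-relative path of the assigned policy.
    $active   = Get-RegValue $storeKey 'ActivePolicy'
    $policy   = $null
    if ($active) { $policy = Get-RegValue "HKLM:\$active" 'ipsecName' }

    $regOk     = ($prohibit -eq 1)
    $serviceOk = ($service -ne $null -and $service.Status -eq 'Running')
    $policyOk  = ($expected -contains $policy)

    "ProhibitIPSec = 1 (step 1):            $regOk"
    "IPSEC Services (PolicyAgent) running:  $serviceOk"
    "Encrypt VPN policy assigned (step 3):  $policyOk  [$policy]"

    # With the automatic filter disabled, a missing or inactive policy means
    # nothing encrypts the L2TP tunnel, including the PAP password from step 4.
    if ($regOk -and -not ($serviceOk -and $policyOk)) {
        Write-Warning ('Automatic L2TP IPSec filter is disabled and the imported ' +
            'policy is not in effect: the tunnel would not be encrypted.')
    }
    $regOk -and $serviceOk -and $policyOk
}

Test-VpnPrereqs
```

Run it after the restart in step 1 and after assigning the policy in step 3; the last line of output is True only when all three checks pass.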