| Article: vtkb2558.htm |
| Difficulty: Difficult |
| Time to Complete (minutes): 60 |
| Last Updated: Jan 24, 2007 |
Question:
How do I configure a Virtual Private Network (VPN) to connect to the Virginia Tech Modem Pool via Layer 2 Tunneling Protocol (L2TP) over IP Security Protocol (IPSec) in Windows 2000?
Answer:
Notes:
- Caution: Editing the registry can cause your computer to malfunction. Take extreme care when following these instructions. If you are uncomfortable with performing these steps, contact a computer professional for assistance.
- Important: You must have a current Virginia Tech Modem Pool account to use this service.
- Important: You must log on to an account with administrator privileges.
- If you are connecting from behind a router running Network Address Translation (NAT), you will not be able to use the encrypted IPSec version of the VPN service. However, you can use the unencrypted PPTP version. For more information, refer to Configuring a Virtual Private Network (VPN) to Connect to the Virginia Tech Modem Pool via Point-to-Point Tunneling Protocol (PPTP) in Windows XP (http://www.answers.vt.edu/ask4help/connection/vtkb2304.htm).
- For more information about Virginia Tech's VPN service, see the Virtual Private Network page.
To configure VPN over IPSec, you will need to edit your registry, set up IPSec, and then set up your L2TP connection.
- Edit your registry to create the ProhibitIPSec value.
  - From the Start menu, select Run.
  - In the Open text box, type: regedit
  - Click OK.
  - Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters.
  - From the Edit menu, select New, and then select DWORD Value. A text box will appear.
  - In the text box, type: ProhibitIPSec
  - Press the Enter key.
  - Double-click ProhibitIPSec.
  - In the Value Data text box, type: 1
  - Click OK.
  - Close the Registry Editor.
  - Restart your computer.
- Download the IPSec policy file.
  - Go to the Notes on Using Virginia Tech's VPN Pilot Service page (https://rdweb.cns.vt.edu/~cgaylord/vpn/).
  - In the User Name text box, type your PID.
  - In the Password text box, type your PID password.
  - Click OK.
  - Click the W2k Ipsec Policy File for VPN link.
  - Save the file to your desktop.
- Import the IPSec policy.
  - Click the Start button, select Settings, and then select Control Panel.
  - Double-click the Administrative Tools icon.
  - Double-click the Local Security Policy icon.
  - In the left pane, select IP Security Policies on Local Machine.
  - From the Action menu, select All Tasks, and then select Import Policies.
  - From the Look In drop-down list, select Desktop.
  - Select the VT-VPN-Policy.ipsec file.
  - Click the Open button.
- Select and assign the appropriate policy.
  Note: For assistance, contact your network administrator.
  - To block the NetBIOS over TCP/IP (NBT) protocol: Right-click Encrypt VPN; Block NBT, and select Assign.
  - To allow the NetBIOS over TCP/IP (NBT) protocol: Right-click Encrypt VPN; Allow NBT, and select Assign.
- Set up your L2TP connection.
  - From the Start menu, select Settings, and then select Control Panel.
  - Double-click the Network and Dial-up Connections icon.
  - Double-click the Make New Connection icon.
  - Click Next.
  - Select the Connect to a Private Network through the Internet option.
  - Click Next.
  - In the Host Name or IP Address text box, type: IPSec.cns.vt.edu
  - Click Next.
  - Select the For All Users or Only for Myself option.
  - Click Next.
  - In the Type the Name You Want To Use for This Computer text box, type: Virginia Tech L2TP Over IPSec
  - Click Finish. The Connect to Virginia Tech L2TP Over IPSec window will open.
  - Click the Properties button.
  - Select the Security tab.
  - Select the Advanced option.
  - Click the Settings button.
  - Select the Allow These Protocols option.
  - Place a check in the Unencrypted Password (PAP) check box.
    Note: Although your password will be sent unencrypted, the tunnel is encrypted through IPSec.
  - Click OK.
  - Click the Yes button.
  - Click OK.
  - In the Username text box, type your PID.
  - In the Password text box, type your PID password.
  - Click the Connect button.
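A way to confirm the registry step took effect before connecting, as an added example that is not part of the original article: the script below parses the text of a Registry Editor export and reports whether ProhibitIPSec exists under RasMan\Parameters as a DWORD equal to 1. The function names and sample exports are constructed for illustration, and the input is assumed to be the export already decoded to text; value names are compared case-insensitively, as the registry does.

```python
import re

# Key path and value name from the registry step in this article.
KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters"
VALUE = "ProhibitIPSec"

def parse_reg(text):
    """Parse regedit export text into {key: {value_name: raw_data}}, names lowercased."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = re.fullmatch(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)', line)
        if m and current is not None:
            current[m.group(1).lower()] = m.group(2)
    return keys

def prohibit_ipsec_state(text):
    """Return 'set', 'missing', or 'wrong: <raw data>' for ProhibitIPSec."""
    values = parse_reg(text).get(KEY.lower(), {})
    raw = values.get(VALUE.lower())
    if raw is None:
        return "missing"
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m and int(m.group(1), 16) == 1:
        return "set"
    return "wrong: " + raw

# Constructed sample exports (not taken from a real machine).
SAMPLE_OK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters]
"prohibitipsec"=dword:00000001
'''
SAMPLE_STRING = SAMPLE_OK.replace("dword:00000001", '"1"')  # String Value by mistake

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("string", SAMPLE_STRING)):
        print(name, "->", prohibit_ipsec_state(sample))
```

A result of "wrong" typically means the value was created as a String Value instead of a DWORD Value, or its data was left at 0.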