How to configure a connection to a virtual private network (VPN) in Windows XP (314076)

MORE INFORMATION

Overview of a VPN

A VPN is a method of connecting to a private network (for example, your office network) by way of a public network (for example, the Internet).

A VPN gives you the benefit of a dial-up connection to a dial-up server, plus the ease and flexibility of an Internet connection. Using an Internet connection permits you to connect to resources all over the world and still, in most places, connect to your office by making a local call to the nearest Internet access phone number. If you have a high-speed Internet connection such as cable or digital subscriber line (DSL) at your computer and at your office, you can communicate with your office at full Internet speed. This is much faster than any dial-up connection that uses an analog modem.

VPNs use authenticated links to make sure that only authorized users can connect to your network, and they use encryption to make sure that others cannot intercept and cannot use data that travels over the Internet. Windows XP achieves this security by using Point-to-Point Tunneling Protocol (PPTP) or Layer Two Tunneling Protocol (L2TP). A Tunneling Protocol is a technology that helps make the transfer of information over the Internet more secure from one computer to another.

VPN technology also permits a corporation to connect to its branch offices or to other companies over a public network, such as the Internet, while helping to maintain secure communications. The VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

back to the top

Configure a VPN connection from a client computer

To set up a connection to a VPN, follow these steps:

On the computer that is running Windows XP, confirm that the connection to the Internet is correctly configured.

For more information about how to test your Internet configuration, click the following article number to view the article in the Microsoft Knowledge Base:
314067 How to troubleshoot TCP/IP connectivity with Windows XP
Click Start, and then click Control Panel.
In Control Panel, double-click Network Connections.
Click Create a new connection.
In the Network Connection Wizard, click Next.
Click Connect to the network at my workplace, and then click Next.
Click Virtual Private Network connection, and then click Next.
If you are prompted to, do one of the following:
- If you use a dial-up connection to connect to the Internet, click Automatically dial this initial connection, and then click your dial-up Internet connection from the list.
- If you use a full-time connection such as a cable modem, click Do not dial the initial connection.
Click Next.
Type the name of your company or type a descriptive name for the connection, and then click Next.
Type the host name or the Internet Protocol (IP) address of the computer that you want to connect to, and then click Next.
Click Anyone's use if you want the connection to be available to anyone who logs on to the computer, or click My use only to make it available only when you log on to the computer, and then click Next.
Click to select the Add a shortcut to this connection to my desktop check box if you want to create a shortcut on the desktop, and then click Finish.
If you are prompted to connect, click No.
In the Network Connections window, right-click the new connection.
Click Properties, and then configure more options for the connection:
- If you are connecting to a domain, click the Options tab, and then click to select the Include Windows logon domain check box to specify whether to request Windows logon domain information before you try to connect.
- If you want the computer to redial the connection if the line is dropped, click the Options tab, and then click to select the Redial if line is dropped check box.

To use the connection, follow these steps:

Use one of the following methods:
- Click Start, point to Connect To, and then click the new connection.
- If you added a connection shortcut to the desktop, double-click the shortcut on the desktop.
If you are not currently connected to the Internet, Windows offers to connect to the Internet.
After your computer connects to the Internet, the VPN server prompts you for your user name and password. Type your user name and password, and then click Connect. Your network resources should be available to you in just like they are when you connect directly to the network.
To disconnect from the VPN, right-click the icon for the connection, and then click Disconnect.

Note If you cannot connect to shared resources on the remote network by computer, you can use the remote computer's IP address to connect by using UNC (\\<IP_Address>\Share_name). Edit the hosts file in the Windows\System32\Drivers\ folder, and add an entry to map the remote server's name to its IP address. Then use the computer name in a UNC connection (\\Server_name\Share_name).back to the top

Troubleshoot VPN connections

Troubleshooting VPN connection issues typically involves contacting your Internet service provider (ISP), your VPN server administrator, or your router or firewall manufacturer.

When you try to connect to your VPN server, you may not be able to connect, and you may receive an error message that resembles the following:

678: The remote computer did not respond.

930: The authentication server did not respond to authentication requests in a timely fashion.

800: Unable to establish the VPN connection.

623: The system could not find the phone book entry for this connection.

720: A connection to the remote computer could not be established.

To resolve this issue, use one of the following methods:

Verify that you have connected to the Internet before you try to connect to the VPN server.

For more information about troubleshooting Internet Connectivity in Windows XP, click the following article numbers to view the articles in the Microsoft Knowledge Base:
314067 How to troubleshoot TCP/IP connectivity with Windows XP
314095 How to troubleshoot possible causes of Internet connection problems in Windows XP
If you can connect to the Internet but you still cannot establish a connection to the VPN server, and you receive error 623, see the following Microsoft Knowledge Base article:
227391 Error message: "Error 623 the system could not find the phone book entry for this connection" when making a VPN connection
If you can connect to the Internet but you still cannot establish a connection to the VPN server, and you receive error 720, see the following Microsoft Knowledge Base article:
314869 Error 720: No PPP control protocols configured
If you still cannot connect to the VPN server, the VPN server may not be configured correctly. Contact your VPN server administrator.

If you are the VPN server administrator, see the following Microsoft Knowledge Base articles for additional information about how to configure a Microsoft VPN server:
308208 How to install and configure a virtual private network server in Windows 2000
162847 Troubleshooting PPTP connectivity issues in Windows NT 4.0
299684 Error message: Error 930; The authentication server did not respond to authentication requests in a timely fashion
If you use a personal firewall or a broadband router, or if there are routers or firewalls between the VPN client and the VPN server, the following ports and protocol must be enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN server:

Client ports Server port Protocol
1024-65535/TCP 1723/TCP PPTP

Additionally, you must enable IP PROTOCOL 47 (GRE).

For information about your firewall or router configuration, and to confirm that your firewall or your router will pass these ports and protocol, contact the manufacturer of your firewall, your router, your ISP, or your VPN server administrator.

back to the top