8/3/2019 VPN Server Notes

http://slidepdf.com/reader/full/vpn-server-notes 1/5

How to configure a connection to a virtual private network(VPN) in Windows XP

View products that this article applies to.

This article was previously published under Q314076

To continue receiving security updates for Windows, make sure you'rerunning Windows XP with Service Pack 3 (SP3). For more information, referto this Microsoft web page: Support is ending for some versions of Windows

On This Page 

SUMMARY 

This step-by-step article describes how to create a new VPN connection in Microsoft Windows XP.

You can use a virtual private network (VPN) to connect components to one network by using

another network, such as the Internet. Virtual private networks do this by "tunneling" through the

Internet or another public network in a manner that provides the same security and features as a

private network. With a VPN, connections across the public network can transfer data by using the

routing infrastructure of the Internet, but to the user, the data seems to travel over a dedicated

private link.

Back to the top

MORE INFORMATION 

Overview of a VPN

A VPN is a method of connecting to a private network (for example, your office network) by way

of a public network (for example, the Internet).

A VPN gives you the benefit of a dial-up connection to a dial-up server, plus the ease and flexibility

of an Internet connection. Using an Internet connection permits you to connect to resources all over

the world and still, in most places, connect to your office by making a local call to the nearest

Internet access phone number. If you have a high-speed Internet connection such as cable or

digital subscriber line (DSL) at your computer and at your office, you can communicate with your

office at full Internet speed. This is much faster than any dial-up connection that uses an analog

modem.

8/3/2019 VPN Server Notes

http://slidepdf.com/reader/full/vpn-server-notes 2/5

VPNs use authenticated links to make sure that only authorized users can connect to your network,

and they use encryption to make sure that others cannot intercept and cannot use data that travels

over the Internet. Windows XP achieves this security by using Point-to-Point Tunneling Protocol

(PPTP) or Layer Two Tunneling Protocol (L2TP). A Tunneling Protocol is a technology that helps

make the transfer of information over the Internet more secure from one computer to another.

VPN technology also permits a corporation to connect to its branch offices or to other companies

over a public network, such as the Internet, while helping to maintain secure communications. The

VPN connection across the Internet logically operates as a dedicated wide area network (WAN) link.

Back to the top

Configure a VPN connection from a client computer

To set up a connection to a VPN, follow these steps:

1. On the computer that is running Windows XP, confirm that the connection to the Internet is

correctly configured.

For more information about how to test your Internet configuration, click the following

article number to view the article in the Microsoft Knowledge Base:

314067  How to troubleshoot TCP/IP connectivity with Windows XP

2. Click Start, and then click Control Panel.

3. In Control Panel, double-click Network Connections.

4. Click Create a new connection.

5. In the Network Connection Wizard, click Next.

6. Click Connect to the network at my workplace, and then click Next.

7. Click Virtual Private Network connection, and then click Next.

8. If you are prompted to, do one of the following:

o If you use a dial-up connection to connect to the Internet, click Automatically

dial this initial connection, and then click your dial-up Internet connection from

the list.

o If you use a full-time connection such as a cable modem, click Do not dial the

initial connection.

9. Click Next.

8/3/2019 VPN Server Notes

http://slidepdf.com/reader/full/vpn-server-notes 3/5

10. Type the name of your company or type a descriptive name for the connection, and then

click Next.

11. Type the host name or the Internet Protocol (IP) address of the computer that you want to

connect to, and then click Next.

12. Click Anyone's use if you want the connection to be available to anyone who logs on to

the computer, or click My use only to make it available only when you log on to the

computer, and then click Next.

13. Click to select the Add a shortcut to this connection to my desktop check box if you

want to create a shortcut on the desktop, and then click Finish.

14. If you are prompted to connect, click No.

15. In the Network Connections window, right-click the new connection.

16. Click Properties, and then configure more options for the connection:

o If you are connecting to a domain, click the Options tab, and then click to select

the Include Windows logon domain check box to specify whether to request

Windows logon domain information before you try to connect.

o If you want the computer to redial the connection if the line is dropped, click the

Options tab, and then click to select the Redial if line is dropped check box.

To use the connection, follow these steps:

1. Use one of the following methods:

o

Click Start, point to Connect To, and then click the new connection.o If you added a connection shortcut to the desktop, double-click the shortcut on the

desktop.

2. If you are not currently connected to the Internet, Windows offers to connect to the

Internet.

3. After your computer connects to the Internet, the VPN server prompts you for your user

name and password. Type your user name and password, and then click Connect. Your

network resources should be available to you in just like they are when you connect directly

to the network.

4. To disconnect from the VPN, right-click the icon for the connection, and then click

Disconnect.

Note If you cannot connect to shared resources on the remote network by computer, you can use

the remote computer's IP address to connect by using UNC (\\<IP_Address>\Share_name). Edit the

hosts file in the Windows\System32\Drivers\ folder, and add an entry to map the remote server's

8/3/2019 VPN Server Notes

http://slidepdf.com/reader/full/vpn-server-notes 4/5

name to its IP address. Then use the computer name in a UNC connection

(\\Server_name\Share_name).

Back to the top

Troubleshoot VPN connections

Troubleshooting VPN connection issues typically involves contacting your Internet service

provider (ISP), your VPN server administrator, or your router or firewall manufacturer.

When you try to connect to your VPN server, you may not be able to connect, and you may receive

an error message that resembles the following:

678: The remote computer did not respond.

930: The authentication server did not respond to authentication requests in a timely fashion.

800: Unable to establish the VPN connection.

623: The system could not find the phone book entry for this connection.

720: A connection to the remote computer could not be established.

To resolve this issue, use one of the following methods:

• Verify that you have connected to the Internet before you try to connect to the VPN server.

For more information about troubleshooting Internet Connectivity in Windows XP, click the

following article numbers to view the articles in the Microsoft Knowledge Base:

314067  How to troubleshoot TCP/IP connectivity with Windows XP

314095  How to troubleshoot possible causes of Internet connection problems in Windows

XP

• If you can connect to the Internet but you still cannot establish a connection to the VPN

server, and you receive error 623, see the following Microsoft Knowledge Base article:

227391  Error message: "Error 623 the system could not find the phone book entry for this

connection" when making a VPN connection

8/3/2019 VPN Server Notes

http://slidepdf.com/reader/full/vpn-server-notes 5/5

• If you can connect to the Internet but you still cannot establish a connection to the VPN

server, and you receive error 720, see the following Microsoft Knowledge Base article:

314869  Error 720: No PPP control protocols configured

• If you still cannot connect to the VPN server, the VPN server may not be configured

correctly. Contact your VPN server administrator.

If you are the VPN server administrator, see the following Microsoft Knowledge Base articles

for additional information about how to configure a Microsoft VPN server:

308208  How to install and configure a virtual private network server in Windows 2000

162847  Troubleshooting PPTP connectivity issues in Windows NT 4.0

299684  Error message: Error 930; The authentication server did not respond to

authentication requests in a timely fashion

• If you use a personal firewall or a broadband router, or if there are routers or firewalls

between the VPN client and the VPN server, the following ports and protocol must be

enabled for PPTP on all firewalls and routers that are between the VPN client and the VPN

server:

Client ports Server port Protocol

1024-65535/TCP 1723/TCP PPTP

Additionally, you must enable IP PROTOCOL 47 (GRE).

For information about your firewall or router configuration, and to confirm that your firewall

or your router will pass these ports and protocol, contact the manufacturer of your firewall,

your router, your ISP, or your VPN server administrator.