WinBook Tech Article
For more information visit www.winbookcorp.com
Subject: Create an incoming VPN connection with the New Connection Wizard in Windows XP
Keywords: Windows XP Professional VPN Virtual Private Network Server
Tech Article Number: WBTA20000866

NOTE: You, the customer, are solely responsible for data security. WinBook strongly recommends that you perform a backup of all personal data contained on your system prior to performing this procedure. Warning: WinBook will NOT be held responsible for any data loss incurred during this process.


This technical article shows you how to use the New Connection Wizard to create the new VPN server interface. These instructions assume that the Windows XP Professional machine is not a member of a Windows NT 4.0 or Windows 2000 domain.

Note: You can run Internet Connection Sharing (ICS) and incoming VPN connections on the same interface. However, to prevent problematic configuration issues, you should configure the VPN interface before you configure ICS on the same computer.

How to create the VPN server interface, step-by-step

  1. Click Start, and then click Control Panel.
  2. In the Control Panel, double-click Network Connections.
  3. In the Network Connections window, select Create a New Connection.
  4. On the Welcome To The New Connection Wizard page, click Next.
  5. On the Network Connection Type page, select the Set Up An Advanced Connection option.
  6. On the Advanced Connection Options page, select the Accept Incoming Connection option and click Next.
  7. On the Devices For Incoming Connections page, you can select optional devices on which you want to accept incoming connections. Note that you are not presented with any of the network interfaces on the computer.
  8. On the Incoming Virtual Private Network (VPN) Connection page, select the Allow Virtual Private Connections option and click Next.
  9. On the User Permissions page, select the users that are allowed to make incoming VPN connections. Click Next.
  10. On the Networking Software page, click on the Internet Protocol (TCP/IP) entry and click the Properties button.
  11. In the Incoming TCP/IP Properties dialog box, place a check mark in the Allow Callers To Access My Local Area Network check box. This will allow VPN callers to connect to other computers on the LAN. If this check box isn’t selected, VPN callers will only be able to connect to resources on the Windows XP VPN server itself. Click OK to return to the Networking Software page and then click Next.
  12. On the Completing The New Connection Wizard page, click Finish to create the connection.
  13. After the Incoming Connection is complete, right-click the connection you created in the Network Connections window and select Properties.

Note that no devices are listed on the General tab of the Incoming Connections Properties page. The comment No Hardware Capable Of Accepting Calls Is Installed isn’t true, since you can now create VPN connections to the network card. In practice, there is no point in creating a VPN connection to the internal interface card unless, of course, this is the only card you have.

VPN Server Optimization Tips

The New Connection Wizard made it easy to create the VPN server interface, but you can still do more to optimize your VPN connections. First, note that you can create PPTP or L2TP/IPSec VPN connections. The Figure below shows the connection status dialog box of a Windows XP VPN client connected to a Windows XP VPN server. Note that MPPE 128-bit encryption is automatically enabled and that Microsoft CHAP v2 is used for authentication.

If both machines had machine certificates from the same Certification Authority installed, an L2TP/IPSec VPN link could have been negotiated.

[Figure: Configure Windows XP Professional to be a VPN server]

If you want the VPN client to access resources on the internal network, the IP address assigned to the VPN client should be on the same network ID as the internal interface of the Windows XP VPN server computer. In addition, all the machines on the internal network should have a default gateway set using the IP address of the internal interface of the Windows XP VPN server.

In the unlikely event that the SOHO has multiple network segments, the routing table on the Windows XP VPN server needs to be configured with paths to the various internal network IDs. You can use the ROUTE ADD command to create these routing table entries.
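
A server-side batch file for the routing step above, added here as an example and not part of the WinBook article. The second segment 10.0.1.0/24 and the internal router 10.0.0.254 are constructed addresses; the script adds the route once, shows it, and confirms the PPTP listener (TCP port 1723) created by the incoming connection is present.

```batch
@echo off
rem Added example, not from the WinBook article. Run on the Windows XP VPN server.
rem Constructed addresses (assumptions, replace with your own):
rem   10.0.1.0/24  second internal network segment
rem   10.0.0.254   internal router that forwards to 10.0.1.0/24
setlocal
set NET=10.0.1.0
set MASK=255.255.255.0
set GW=10.0.0.254

rem Add the route only if the routing table does not already list the network.
rem The -p switch makes the route persistent across reboots.
route print | find "%NET%" >nul
if errorlevel 1 route -p add %NET% mask %MASK% %GW%

rem Show the resulting entry so the mask and gateway can be checked by eye.
route print | find "%NET%"
if errorlevel 1 echo WARNING: no route to %NET% in the routing table.

rem Incoming PPTP connections arrive on TCP port 1723; confirm a listener exists.
netstat -an | find ":1723" | find "LISTENING" >nul
if errorlevel 1 echo WARNING: nothing is listening on TCP 1723.
endlocal
```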

Small networks that use a Windows XP Professional machine for a VPN server probably won’t have network services such as WINS or DNS. If name resolution on the private network is an issue for the VPN client, then you should create an LMHOSTS file, a simple text file that contains name and IP address mappings. For example, the following line could represent an entry in an LMHOSTS file:
10.0.0.2 DEFIANT

Notepad tip: When you save the LMHOSTS file to the <system_root>\system32\drivers\etc folder, make sure that the file doesn’t contain a file extension. To prevent Notepad from appending a file extension to the filename, when you save the file in Notepad, put quotes around LMHOSTS.
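
A batch file for the LMHOSTS step, added here as an example and not part of the WinBook article, run on the VPN client. It uses the article's sample mapping (10.0.0.2, DEFIANT), warns about the lmhosts.txt pitfall, appends the entry once, and reloads the NetBIOS name cache so the result can be verified. The #PRE tag is an addition that preloads the entry into the cache.

```batch
@echo off
rem Added example, not from the WinBook article. Run on the VPN client.
rem 10.0.0.2 / DEFIANT is the article's sample mapping.
setlocal
set ETC=%SystemRoot%\system32\drivers\etc

rem Notepad pitfall: lmhosts.txt is never read; only the extensionless name is.
if exist "%ETC%\lmhosts.txt" echo WARNING: found lmhosts.txt; rename it to lmhosts.

rem Append the mapping only if no entry for the name exists yet.
rem #PRE preloads the entry into the NetBIOS name cache.
findstr /i /c:"DEFIANT" "%ETC%\lmhosts" >nul 2>&1
if errorlevel 1 echo 10.0.0.2    DEFIANT    #PRE>>"%ETC%\lmhosts"

rem Purge the name cache and reload the #PRE entries from LMHOSTS.
nbtstat -R

rem List the cache and confirm the mapping was loaded.
nbtstat -c | find /i "DEFIANT"
if errorlevel 1 echo WARNING: DEFIANT is not in the NetBIOS name cache.
endlocal
```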

The VPN client must be configured with an IP address or host name for the Windows XP Professional VPN server. If the Windows XP Professional VPN server has a dedicated link to the Internet and a static IP address, you can use that IP address in the VPN client configuration interface. However, if the Windows XP Professional VPN server is assigned an IP address via DHCP, you’ll have to use an Internet host name and a method of registering the host name dynamically. A couple of services you might want to look into are TZO and DYNDNS. Both of these services will let you dynamically register a computer’s IP address into the public DNS database.



Disclaimer: This information is being provided to you as a service from the Technical Support Department of WinBook Computers. It is intended to assist you in the resolution of your technical problems or questions. If you feel uncomfortable implementing any of the information or suggestions contained herein then you should e-mail the WinBook Technical Support Department. WinBook will not be held responsible for any loss of information, data or programming as a result of the use of this TechNote.

©2007 IPSG. All rights reserved. PowerSpec and WinBook are registered trademarks of Micro Electronics, Inc.