
VPN (Virtual Private Networking) :

A continuous network connection between two systems or locations that
runs over public networks. All traffic between these two systems goes
through this connection. The traffic running through a VPN connection,
also called a tunnel, is not filtered by firewalls and similar devices.
If desired, the traffic that goes through the VPN connection can be
encrypted, so that third parties cannot eavesdrop on it.

VPN gateway :

A VPN gateway, VPN server or tunnel server is the system to which you
connect from your computer at home to set up a VPN connection or
tunnel. In practice, it will look like your home system is assigned a
second IP address in the network the VPN gateway is a part of. In
reality, this IP address exists only on the VPN gateway. Your home
system uses this IP address via the "tunnel".

Firewall :

A connection between two networks that only allows traffic to pass
through if it is considered necessary. In practice, a firewall often
only lets through web traffic, communications between e-mail servers
and VPN connections, if users can be authenticated based on, for
example, a usercode/password combination.

DES encryption :

The Data Encryption Standard (DES) for encoding messages was developed
in the 1970s. DES makes use of a 56-bit encryption key.
 

3DES encryption :

Triple DES or 3DES is based on DES. The main difference is that 3 keys
are used, so that messages are harder to crack.
 

Split Tunneling :

Normally, when you use a VPN connection, all network traffic,
including internet traffic, will go through the VPN tunnel. In most
situations, this will not be what you want, as you will not have
access to the services (such as e-mail, news, homepages) of your
Internet Service Provider (ISP). With Split Tunneling, only traffic
meant for the network directly behind the VPN gateway will go through
the tunnel. All the other traffic will go via your regular ISP
connection. The disadvantage of this is that you will not be able to
access systems that allow access from systems with a TU/e IP address,
such as http://ieeexplore.ieee.org/

See the Windows XP or IPSec installation procedures.

I can't make use of full-text magazines and library search
systems.

In order to use the full-text magazines and search systems, you need
to set up your connection without split tunneling. See this page
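
The routing difference behind the Split Tunneling entry and the question above, as an added example that is not part of the original FAQ. All addresses are constructed documentation ranges (not real TU/e values), and it assumes the remote site sees the address assigned by the VPN gateway whenever traffic goes through the tunnel.

```python
import ipaddress

# Constructed placeholder addresses (documentation ranges), not real TU/e values.
CAMPUS_NET = ipaddress.ip_network("192.0.2.0/24")   # network behind the VPN gateway
TUNNEL_IP = ipaddress.ip_address("192.0.2.77")      # address assigned by the gateway
ISP_IP = ipaddress.ip_address("198.51.100.23")      # address from the home ISP
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def routing_table(split_tunneling):
    """Routes on the home system as (destination network, interface) pairs."""
    if split_tunneling:
        # Only the campus network goes through the tunnel.
        return [(CAMPUS_NET, "vpn"), (DEFAULT, "isp")]
    # Without split tunneling everything goes through the tunnel.
    return [(DEFAULT, "vpn")]

def source_address(dest, split_tunneling):
    """Longest-prefix match, then return the source IP the destination sees."""
    dest = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routing_table(split_tunneling)
               if dest in net]
    _, ifc = max(matches, key=lambda m: m[0].prefixlen)
    return TUNNEL_IP if ifc == "vpn" else ISP_IP

def publisher_allows(dest, split_tunneling):
    """A site outside the campus that only admits campus source addresses."""
    return source_address(dest, split_tunneling) in CAMPUS_NET

if __name__ == "__main__":
    publisher = "203.0.113.10"  # constructed stand-in for an IP-restricted site
    for split in (True, False):
        print(f"split tunneling={split}: source {source_address(publisher, split)}, "
              f"access allowed: {publisher_allows(publisher, split)}")
```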

Which protocols/ports should a firewall allow to pass so that VPN
will work?

PPTP makes use of TCP port 1723 to set up a connection. After that,
PPTP uses protocol ID 47 - GRE ("generic routing encapsulation") - to
transfer data.

IPSec uses UDP port 500 and protocol IDs 50 and 51.

The PPTP connection in Windows 2000 shows the error "The PPP link
control protocol was terminated"

The most likely cause is that the firewall or router is blocking the
GRE protocol. Without GRE, PPTP will not work.
 

The firewall or NAT box is blocking the Microsoft PPTP client and
the Cisco IPSec VPN client. What should I do?

The configuration of the firewall or NAT box should be changed. If
this is not possible, use the Cisco IPSec VPN client and set it to
"Transparent Tunneling". With these settings, only TCP port 10000 will
be used, and in most cases the VPN connection will work.
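
The port and protocol requirements from the three answers above, turned into a check against a firewall ruleset. This is an added example, not part of the original FAQ; the rule syntax and the sample ruleset are made up for illustration, and the firewall is assumed to block everything it does not explicitly allow.

```python
# Added example: diagnose which VPN methods a firewall ruleset lets through.
# Requirements come from the FAQ; the rule syntax is made up for this sketch.

# "ip" entries are IP protocol IDs: 47 = GRE, 50 and 51 = the IPSec protocols.
REQUIREMENTS = {
    "PPTP": {"setup": [("tcp", 1723)], "data": [("ip", 47)]},
    "IPSec": {"setup": [("udp", 500)], "data": [("ip", 50), ("ip", 51)]},
    "IPSec + Transparent Tunneling": {"setup": [("tcp", 10000)], "data": []},
}

def parse_rules(text):
    """Parse lines such as 'allow tcp 1723' or 'allow ip 47' into a set."""
    allowed = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        action, kind, number = line.split()
        if action == "allow":
            allowed.add((kind.lower(), int(number)))
    return allowed

def diagnose(allowed):
    """Return {method: verdict} for a firewall that denies by default."""
    result = {}
    for method, need in REQUIREMENTS.items():
        missing_setup = [r for r in need["setup"] if r not in allowed]
        missing_data = [r for r in need["data"] if r not in allowed]
        if missing_setup:
            result[method] = "cannot connect"
        elif missing_data:
            # Setup succeeds but the tunnelled data is dropped: the
            # "I have a connection, but it doesn't work" symptom.
            result[method] = "connects, no data"
        else:
            result[method] = "works"
    return result

# Constructed sample: a NAT box that passes only TCP and UDP ports.
HOME_ROUTER = """
allow tcp 1723    # PPTP connection setup
allow udp 500     # IPSec
allow tcp 10000   # Transparent Tunneling
"""

if __name__ == "__main__":
    for method, verdict in diagnose(parse_rules(HOME_ROUTER)).items():
        print(f"{method}: {verdict}")
```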
 --------------------------------------------------------------------------------

Frequently Asked Questions IPSec VPN client

How can I see the status of the IPSec connection?

When the IPSec connection is active, you will see a small lock to the
bottom right of your screen, in the task bar. This is the VPN
connection icon.

  • Double-click this icon 
  • Click Status
  • Select Statistics

Logging on worked, and according to the VPN client status, I have a
connection. However, it doesn't work.

IPSec uses protocol IDs 50 and 51. The most likely cause of the
problem is that these protocols are being blocked. "Transparent
Tunneling" might solve the problem.
 

The VPN client doesn't work from behind a system with Microsoft
Internet Connection Sharing, a Firewall or a Network Address
Translation (NAT) box. Can anything be done about this?

You need to set your VPN client to Transparent Tunneling:

  • In the Start menu, go to Programs > Cisco Systems VPN Client > VPN
      Dialer
  • Click Options
  • Select "Advanced Mode"
  • Select the desired profile 
  • Click Modify
  • Select the Transport tab 
  • Check "Enable Transparent Tunneling"
  • Click Save

Is it possible to place an icon on the desktop, so that I can start
the VPN client easily?

Optionally, you can place a shortcut on the desktop after
installation:

  • Select Start > Programs > Cisco Systems VPN Client > VPN Dialer
  • Select the desired profile 
  • Click "Connection Entries" and select "Create Shortcut"

The computer has become unreachable, even when the VPN client is
not active

This is caused by the "Stateful Firewall" being active. You can solve
this as follows:

  • Select Start > Programs > Cisco Systems VPN Client > VPN Dialer
  • Click Options
  • Select "Advanced Mode"
  • Click Options
  • Click "Stateful Firewall"

Is it possible to start the VPN connection before logging in on the
NT network?

With Windows 2000 and XP, this is possible.

  • Select Start > Programs > Cisco Systems VPN Client > VPN Dialer
  • Click Options
  • Select "Advanced Mode"
  • Click Options
  • Select "Windows Logon Properties..."
  • Check "Enable start before logon" and click OK

Once this has been set and the system has been restarted, the VPN
client will be started when "Ctrl+Alt+Del" is pressed, so before the
Windows logon.

In order to be able to log in on the NT network, a Windows 2000/NT/XP
system needs to be added to the Windows 2000 domain. To do this, a
computer account is needed. See link for the application procedure.
 

Is it possible to use the Cisco VPN client on a system that has
Microsoft Internet Connection Sharing (ICS) installed?

No, the Cisco VPN client is not compatible with Microsoft ICS. You
will need to uninstall ICS before you can install the VPN client.