Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

For Windows 2000, XP, or Vista, how do I download and install the L2TP/IPsecNAT-T update?

Note: When connecting from off campus, SSL VPN is the replacement for IU's IPsec- and PPTP-based VPN services, and UITS recommends using it now if your campus supports it. PPTP is retired at IU Bloomington and IUPUI, and IPsec VPN service at those campuses will be retired by fall 2010.

How to tell if you need this update

If your Windows 2000, XP, or Vista computer is assigned a private IP address and must go through a network address translation (NAT) device to connect to the Internet, and if you wish to make IPsec VPN connections to the Indiana University network, you will need Microsoft's L2TP/IPsec NAT-T patch.

Vista has native support for this feature; however, by default, it is disabled. To enable this feature, see article 926179 at Microsoft Help and Support.

Search Microsoft Help and Support.

Note: If you use Windows XP, you should install Windows XP Service Pack 3 (SP3), as it contains the L2TP/IPsec NAT-T update in addition to other important system updates. Updates in SPs have gone through more testing than the original updates and may include important changes not available in the original update; see What are service packs for Windows, and where can I get them?

A NAT device is any sort of router or network hardware that does network address translation between the Internet and a computer or network using private IP addresses. Most home and small office routers fit this description, though it's possible for large businesses and networks to use private IP addresses and NAT devices. If your computer's IP address falls within the following ranges, you have a private IP address and definitely connect to the Internet through a NAT device:

10.0.0.0-10.255.255.255 172.16.0.0-172.31.255.255 192.168.0.0-192.168.255.255

To find your computer's IP address, see How do I determine my computer's IP address?

If you have any other IP address, you do not need this update for that specific connection. Keep in mind that you may need it for connections at other locations if you use private IP addresses and NAT devices there.

How to download and install the update

Note: To install items from the URL below, you need to be logged in with administrative privileges; see In Windows, how can I run an administrator task from a non-admin account?

Note: At Indiana University, the University Information Security Office (UISO) recommends that you normally refrain from running your Windows computer as an administrator. For more, see What is the principle of least privilege?

The L2TP/IPsec NAT-T update is available from the Microsoft Update Catalog. (You have to use Internet Explorer 6.0 or higher to access this web site.) From this catalog:

  1. In the Search box, enter L2TP .

  2. On the resulting page, select the update for your system (Windows XP or Windows 2000).

    Again, if you use Windows XP, you should install SP3 instead of this individual update.

  3. On the Language Selection tab, make sure the setting is English.

  4. In the box that appears after you make your selection, click Add to Basket, and then click Close.

  5. Click View Basket, and then click Download.

  6. Click Browse... to select a folder in which to save the update; any folder will do, as long as you remember where it is. Click Download Now.

    Note: The path to the file you choose can't be longer than 50 characters. If you save to your desktop, you will probably fall under this limit; if you try to save to a folder on your desktop, the path name may be too long, and you will need to choose another location.

  7. After the file downloads, browse to the folder you saved it in, and then browse through the subfolders to find the .exe file that installs the update. The .exe filename will vary depending on which version of Windows the update is for, but it will be the only .exe file in any of those folders. For example, the filename for Windows XP SP1 is WindowsXP-KB818043-x86-ENU.exe. The filename for Windows 2000 Professional SP4 is Q818043_W2K_SP5_x86_EN.EXE. (The file may have a large string of numbers and letters between the "en" and the ".exe".) You may have to browse through as many as seven subfolders to reach the .exe file. When you find the file, double-click it.

  8. After a few seconds, you will be prompted to choose the directory into which you want to extract the compressed files. The default directory is the one the .exe file is in; you can extract the files into that one or change it to anything you want, as the files will be automatically deleted once the update is finished. Click OK, and the installer will launch.

  9. You will see the Q818043 Setup Wizard launch. Click Next.

  10. Select I Agree on the License Agreement page, and then click Next.

  11. The Setup Wizard will install the patch. Click Finish when it's done.

At this point, configure the VPN connection according to the directions for your operating system; see In Windows Vista from off campus, how do I make an IPsec or PPTP VPN connection to the IU network? or In Windows XP, how do I make an IPsec or PPTP VPN connection to the IU network?

This is document aoxa in domain all.
Last modified on October 12, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.