1. Click Start | Control Panel.
2. In the Control Panel, open the Network Connections applet.
3. In the Network Connections window (see Figure A), open the New Connection Wizard.
The Network Connections window
5. On the Network Connection Type page (see Figure B), select the Set Up An Advanced Connection option.
Configuring XP to accept incoming connections
Note that you are not presented with any of the network interfaces on the computer.
Any user that isn't selected won't be able to initiate an incoming connection.
Configuring TCP/IP properties
Granting LAN access to callers
After the Incoming Connection is complete, right-click on the connection in the Network Connections window and select the Properties command (see Figure I).
Accessing the properties of the VPN server link
VPN clients will only call the external IP address of the Windows XP Professional VPN server.
The New Connection Wizard made it easy to create the VPN server interface, but you can still do more to optimize your VPN connections. First, note that you can create PPTP or L2TP/IPSec VPN connections. Figure K shows the connection status dialog box of a Windows XP VPN client connected to a Windows XP VPN server. Note that MPPE 128-bit encryption is automatically enabled and that Microsoft CHAP v2 is used for authentication.
If both machines had machine certificates from the same Certification Authority installed, an L2TP/IPSec VPN link could have been negotiated.
In the unlikely event that the SOHO has multiple network segments, the routing table on the Windows XP VPN server needs to be configured with paths to the various internal network IDs. You can use the ROUTE ADD command to create these routing table entries.
Small networks that use a Windows XP Professional machine for a VPN server probably won't have network services such as WINS or DNS. If name resolution on the private network is an issue for the VPN client, then you should create a LMHOSTS file, a simple text file that contains name and IP address mappings. For example, the following line could represent an entry in an LMHOSTS file:
The VPN client must be configured with an IP address or host name for the Windows XP Professional VPN server. If the Windows XP Professional client has a dedicated link to the Internet and a static IP address, you can use that IP address in the VPN client configuration interface. However, if the Windows XP Professional VPN server is assigned an IP address via DHCP, you'll have to use an Internet host name and a method of registering the host name dynamically. A couple of services you might want to look into are TZO and DYNDNS. Both of these services will let you dynamically register a computer's IP address into the public DNS database.
Windows XP Professional provides simple VPN server capabilities that let you connect single VPN clients to your internal network, one at a time. If the Windows XP Professional computer has a dedicated connection to the Internet, you can connect to that computer from virtually anywhere in the world using a VPN link. The VPN server setup is simple and can accept calls from any Windows PPTP or L2TP/IPSec client.