The Chinese University of Hong Kong Information Technology Services Centre 資訊科技服務處 香港中文大學
Windows 2000 L2TP IPSec VPN Setup Procedures
NOTE
  • To access VPN service,
  • Please check the installation of your network card before setting up a connection.
  • Effective from 1 Sept 2008, you can use a single VPN server name, vpn.cuhk.edu.hk, for any ResNet/ClassNet/CUHKNet connection. Previous server names, like ipsec-classnet.cuhk.edu.hk, still work.

Please follow the steps below to establish a VPN connection.

  1. Add the ProhibitIpSec registry value
  2. Configure an IPSec policy
  3. Create a VPN Client
  4. Edit a VPN connection
  5. Configure Wireless LAN Card (Applicable to Wireless LAN Users)
  6. Connect ClassNet / ResNet / CUHKNet

CAUTION:

  • If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. ITSC cannot guarantee that you can solve the problems. Use Registry Editor at your own risk.
  • For details, see Description of the Microsoft Windows registry at: http://support.microsoft.com/default.aspx?scid=kb;EN-US;256986&FR=1
  • You have to log in to Win2000 as Administrator before following the steps below.

I. Add the ProhibitIpSec registry value

1. Click Start > Run, type in Regedt32 (some Windows 2000 versions use the command Regedit), and click OK.

2. Registry Editor will open. Locate the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

3. Right-click any white space in the Registry Editor.

a. Choose New > DWORD Value
b. Type ProhibitIpSec for the name

4. Right-click ProhibitIpSec and choose Modify, then type in a value of 1.

5. Restart your computer for the changes to take effect.



II. Configuration Procedure for an IPSec policy

1. Click Start > Run, type mmc, and then click OK.

2. Click Console > Add/Remove Snap-in > Add > IP Security Policy Management > Finish > Close > OK.

3. Right-click IP Security Policies on Local Machine, then click Create IP Security Policy > Next.

4. Type CUHK VPN for the name, and then click Next.

5. Clear the check box Activate the default response rule, and then click Next.

6. Select Edit Properties, and then click Finish.

7. In New IP Security Policy Properties, click Rules tab > Add > Next.

8. For Tunnel Endpoint, select This rule does not specify a tunnel, and then click Next.

9. For Network Type, click All network connections > Next.

10. For Authentication Method, click Use this string to protect the key exchange (pre-shared key), type ipsec-vpn, and then click Next.

11. For IP Filter List, click Add, type IPSec VPN Server for the Name, and then click Add > Next.

12. For IP Traffic Source, click A specific DNS name for Source address.

Then, type "vpn.cuhk.edu.hk" for Hostname.

Click Next.

Then click Yes for the Security Warning dialog.

13. Click My IP Address in Destination address.

14. For IP Protocol Type, click UDP in Select a protocol type, and then click Next.

15. For IP Protocol Port, click From this port, then type 1701, click To any port > Next.

16. Select Edit properties, and then click Finish.
In Filter Properties, select the check box "Mirrored. Also match packets with the exact opposite source and destination addresses."

Then click OK > Close.

17. For IP Filter List, click the IP filter you just created, and then click Next.

18. For Filter Action, click Add and create a new Filter Action that specifies which integrity and encryption algorithms are to be used.

19. Click Next > Finish > Close.
20. Right-click the IPSec policy you just created, and then click Assign.

21. Finally, create a VPN dial-up connection as usual, but specify "vpn.cuhk.edu.hk" as the hostname.
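
The filter built in steps 12 to 16 can be modelled as below to see which packets the assigned policy hands to IPSec and which it leaves alone once ProhibitIpSec = 1 has switched off the automatic L2TP policy. This is an added example, not part of the ITSC procedure: the addresses are constructed placeholders and the class and function names are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

SERVER = "192.0.2.10"    # constructed stand-in for the resolved vpn.cuhk.edu.hk address
ME = "198.51.100.20"     # constructed stand-in for "My IP Address"

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class IpFilter:
    proto: str
    src: str
    sport: Optional[int]   # None means "any port"
    dst: str
    dport: Optional[int]
    mirrored: bool = True

    def _one_way(self, p, src, sport, dst, dport):
        return (p.proto == self.proto and p.src == src and p.dst == dst
                and sport in (None, p.sport) and dport in (None, p.dport))

    def matches(self, p: Packet) -> bool:
        if self._one_way(p, self.src, self.sport, self.dst, self.dport):
            return True
        # "Mirrored" also matches the exact opposite source and destination.
        return self.mirrored and self._one_way(
            p, self.dst, self.dport, self.src, self.sport)

# Steps 12-16: UDP, from the VPN server port 1701 to any port on this host, mirrored.
L2TP_FILTER = IpFilter("udp", SERVER, 1701, ME, None, mirrored=True)

def classify(p: Packet, filters=(L2TP_FILTER,)) -> str:
    """Return 'ipsec' if a filter in the assigned policy matches, else 'clear'."""
    return "ipsec" if any(f.matches(p) for f in filters) else "clear"

def demo():
    packets = {
        "L2TP to server": Packet("udp", ME, 1701, SERVER, 1701),
        "L2TP from server": Packet("udp", SERVER, 1701, ME, 1701),
        "L2TP to another host": Packet("udp", ME, 1701, "203.0.113.5", 1701),
        "HTTP to server": Packet("tcp", ME, 49152, SERVER, 80),
    }
    return {name: classify(p) for name, p in packets.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:22} {verdict}")
```

The third case is the one to check after setup: with the automatic policy disabled, an L2TP connection to any host other than the one named in the filter is not covered by this policy.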



III. Make a VPN Client

1. Click Start > Settings > Network and Dial-Up Connections > Make New Connection.
2. Click Next.

3. Choose Connect to a private network through the Internet.

Click Next.

4. Input "vpn.cuhk.edu.hk" for Host name or IP address.

Click Next.

5. Choose whether the network connection is Only for myself or for All users.
If you are not sure, we suggest selecting Only for myself.
Click Next.

6. Give the network connection a name, e.g. CUHK VPN.

Check the box if you want to add a shortcut to desktop.

Click Finish.

7. A Connect dialog will appear immediately.
Click Properties and follow “IV. Edit a VPN Connection” to finish the setup.



IV. Edit a VPN Connection

1. For Security tab in VPN Properties, choose Advanced (custom settings) and click Settings.

2. For Data encryption, choose Require encryption (disconnect if server declines).

Choose Allow these protocols for Logon security.

Check the boxes for:
- Unencrypted password (PAP)
- Microsoft CHAP (MS-CHAP)
- Microsoft CHAP Version 2 (MS-CHAP v2)

Then click OK.

3. In the Networking tab, choose L2TP IPSec VPN for Types of VPN server I am calling, and then click OK.



V. Configure Wireless LAN Card (Applicable to Wireless LAN Users)

You also need to configure your wireless LAN card in order to access the campus network through the University's wireless LAN. Type classnet in the Network name (SSID) field, and choose Disabled in the Data Encryption field.



VI. Connect ClassNet/ResNet/CUHKnet

1. Double-click the VPN icon in the Network and Dial-Up Connection Folder.

2. Input your Campus-wide E-mail System (CWEM) Computing Id and password in the dialog box.

Click OK to connect.

3. If your computer connects to the network successfully, a dialog named Connection Complete will be displayed as shown.

Click OK to close it.


 

Need Help?
Please send your problems/requests to
http://helpdesk.itsc.cuhk.edu.hk