WINDSTREAM Corporate Remote

Access System

Virtual Private Networking (VPN)

VPN
 WINDSTREAM REMOTE ACCESS SYSTEM - CorpRAS VPN
User Guide & Installation Instructions for Windows, 2000 & XP

User Guide and Installation Instructions

For Windows 2000 & XP
Rev. 08.21.2006

This is not intended for home computer use

Please obtain an Windstream asset by calling your local LAN Desktop Helpdesk

WARNING: Don't place the token directly on the laptop computer or keep it near the
vehicle's keyless entry remote or car alarm remote!
See chapter 2 for more details

If using a DSL or Cable Modem connection, see Appendix F

NOTE: AOL/CompuServe 6.0 and later are not compatible with WINDSTREAM
CorpRAS VPN.
NOTE: With Bell South DSL, disconnect before installing the VPN client.
NOTE: REMOVE the VPN client before making changes to the network settings or
adding network components .

See Appendix F for more information.

 WINDSTREAM REMOTE ACCESS SYSTEM - CorpRAS VPN
User Guide & Installation Instructions for Windows, 2000 & XP
Table of Contents
INTRODUCTIONS……………………………………………………………………………………………4
CHAPTER 1 Overview of the WINDSTREAM CorpRAS Virtual Private Networking (VPN)........5
CHAPTER 2 THE SECURID TOKEN..............................................................................................6
CHAPTER 3 MINIMUM REQUIREMENTS......................................................................................7
CHAPTER 4 INSTALLING THE VPN SOFTWARE – All Operating Systems................................8
WINDOWS XP Differences............................................................................................................ 9
CHAPTER 5 ESTABLISHING VPN CONNECTION TO WINDSTREAM........................................10
* You must have an Internet connection prior to doing the following......................................10
Disconnecting the VPN Tunnel....................................................................................................12
The Next, connection with VPN................................................................................................13IN
CHAPTER 6 TROUBLESHOOTING...............................................................................................13
VPN Error Messages................................................................................................................... 13
Troubleshooting the ISP Connection............................................................................................16
Uninstalling the Cisco Software:...................................................................................................17
CHAPTER 7 FREQUENTLY ASKED QUESTIONS........................................................................18
APPENDIX A - CONFIGURATION INFORMATION.......................................................................19
APPENDIX B - UPGRADING OR ADDING NETWORK COMPONENTS......................................22
Appendix C - METAFRAME USERS (Twinsburg Only)..............................................................23
Appendix D - Configuring WINS Server(s) for Microsoft Networking.......................................24
Windows 2000 & XP Users WINS Configuration..........................................................................25
Appendix E – Downloading Files from the WINDSTREAM CorpRAS Intranet Site..................26
Appendix F- Warning! WINDSTREAM CorpRAS-VPN WILL NOT WORK FOR YOU IF…........27
APPENDIX G- WIRELESS CONNECTIONS INFORMATION.........................................................28
4 Rev 08.21.06
 Introduction *** Please Read This Information ***

Before you install, read Appendix F!

Be sure to check out Appendix F if you don't have an WINDSTREAM CorpRAS account; if you use AOL,
CompuServe, AT&T, or Bell South as the Internet provider; or if you use "WinPoet" software to connect to the
ISP.

Caution Statement
The information contained in this document is intended to provide the tools necessary to configure an
WINDSTREAM owned PC to access to WINDSTREAM network services from locations outside of
WINDSTREAM. Therefore, a complete backup of the hard drive is encouraged before the installation process is
started. Additionally, a separate backup of all important documents on the computer should be performed. It is
also possible that this installation procedure may interfere with other communications packages and configuration
settings. Should this occur, an uninstall of the conflicting software, or the complete backup of the hard drive
should be used to restore the system to its initial configuration. Since no two PCs are configured identically, it is
likely that this procedure will succeed for most PCs, and fail for a small percentage of others.

Accuracy and Correctness

The following documentation has been prepared to facilitate the installation of the WINDSTREAM CorpRAS
Virtual Private Networking software. Due to the various “builds”, or versions, of each Microsoft Windows
Operating System available to the end user, some references to context or displays may vary slightly . It is
recommended that the user exercise best judgement in cases where the context or diagrams do not coincide with
those presented here. Please contact WCI LAN Desktop Services (800) 615-6227, Opt 2 or send corporate email
to WCI.LAN.Desktop.Servicecs for additional explanations or assistance.

Usage Restrictions
WINDSTREAM may export the necessary VPN software solution for WINDSTREAM internal use only to any
domestic or foreign WINDSTREAM subsidiary except in Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria.
Although it is permissible to export this software per United States of America law, it is advised that the
WINDSTREAM employee / subsidiary confirm there are no import restrictions for the country of destination.

Supplemental Instructions
WINDSTREAM CorpRAS Virtual Private Networking (CorpVPN) is used in conjunction with WINDSTREAM
WINDSTREAM CorpRAS. Although not required for this VPN software installation, consulting the
WINDSTREAM WINDSTREAM CorpRAS manual may be helpful. This manual provides detailed information
on SecurID and data gathering regarding other client software. This manual and media is available from the our
web site on the Corporate Intranet at: http://internal.WINDSTREAM.com/on_job/WINDSTREAM
CorpRAS/index.htm or

contact WCI LAN Desktop Services (800) 615-6227, Opt 2 or send corporate email to WCI.LAN.Desktop.Servicecs
for additional explanations or assistance.

This document is provided for the exclusive use of authorized remote access users. It should be
safeguarded and treated as company confidential material.

WINDSTREAM CorpRAS VPN support is available from the WCI LAN Desktop
Services at (800)615-6227 Opt.2

5 Rev 08.21.06
Chapter 1 Overview of the WINDSTREAM CorpRAS Virtual Private
Networking (VPN)

What is WINDSTREAM CorpRAS Virtual Private Networking?

VPN is short for Virtual Private Network. With WINDSTREAM CorpRAS-VPN, you will be able
to access the WINDSTREAM Remote Access System by way of a VPN “tunnel” across the Internet.
A VPN tunnel is a secured, private network path between you and WINDSTREAM using the public
Internet infrastructure as the connection method. This VPN connection is made possible with the
Cisco client software and the SecurID token.

IN T E R N E T
( P u b lic )
ALLTEL
C o rp o ra te
N e tw o rk

U ser / H om e P C
VPN Tunnel
( P r iv a te )

The benefit of this service is that use the existing Internet Service Provider (ISP) for
WINDSTREAM network access. You simply connect to the ISP as if you were planning a regular
session on the Internet. In this fashion, the WINDSTREAM network can be accessed toll-free
anywhere the ISP has a local phone number. Of course you should confirm that no long distance
charges will apply for dialing the ISP as well, and be sure you have ample hours or unlimited usage
from the ISP.

Once connected to the Internet, simply launch the Cisco client software which automatically creates
the VPN tunnel. You then, log into the WINDSTREAM network with the SecurID. When you are
successfully logged in, you will have access to:

 Exchange (E-mail)
 The Corporate Intranet
 Host computer systems via TCP/IP terminal emulation
 Most TCP/IP based software or devices
 MetaFrame server access: (Twinsburg users only)
 Shared drives on the Novell network.

Also, once a VPN connection is made, access to public Internet sites (Yahoo, Microsoft, etc) will not
be available unless you have an approved Proxy account.

6 Rev 08.21.06
CHAPTER 2 The SecurID Token

Introduction to the SecurID Token

WINDSTREAM Technology Services has implemented a security process that uses Security Dynamics ACE/Server
together with the SecurID token for logging on to WINDSTREAM's network. This product prevents unauthorized entry
to the RAS system. All users that access the RAS system will receive and be required to use a SecurID token.

The SecurID Token and ACE/Server System

The SecurID token contains a compact microprocessor and precise clock. This is to perform the calculations required to
generate a unique token code every sixty seconds. The token code is the number that changes every minute on the
SecurID token. Every token displays a different token code at all times. When you login to WINDSTREAM CorpRAS,
Ace/Server calculates the token code the token should be displaying. It uses this together with the login name and the
PIN you have selected to confirm the identity.
The dashes on the left side of the SecurID token display are a “countdown timer,” with one dash disappearing every 10
seconds. This shows how soon the token code will change. When all of the 'dashes' have disappeared, the token code
will change in less than 10 seconds. The SecurID token is fairly durable and has been engineered to survive in many
environments. However, it can be damaged through mishandling or abuse. Below are some precautions you should
observe to protect the token.

 Laptop Computers - You should not place the token on top of a laptop computer while it is in use. Security
Dynamics has informed us that some laptops, particularly some IBM Thinkpads, have a small hole through which a
small amount of radio frequency radiation, completely harmless to humans, can escape. But, this small amount of
radiation can deactivate a SecurID token.


 Keyless Entry Systems and Car Alarm Remote Controls - Some vehicle's keyless entry systems and car alarm
remote controls emit radio frequency radiation which is not harmful to people, but, can scramble the token's
programming. Please don't keep the token on the keys if you have one of those devices attached.
 Liquids - The token should not be immersed in any liquids. Doing so will result in complete failure.
 Electric Shock - The token should not be subjected to excessive electrical activity, including electromagnetic
radiation such as microwaves, x-rays, or excessive static shock. The token should not be harmed if passed through
airport security scanners, but, it is a reasonable precaution to put it in the tray with the keys at airport gates.
 Physical Abuse - Care should be taken to avoid damage to the token. Do not drop the SecurID token onto hard
surfaces or stress the token excessively.

The SecurID token has been programmed with a fixed life, three years from the date the token is issued. Each user will
be contacted in advance of that expiration date to fill out the necessary security requests for replacement tokens.

If at any time the SecurID token ceases to display a new token code, the token may have suffered an internal malfunction
or it has expired. If this condition arises, immediately notify the WCI LAN Desktop Services at(800)615-6227 Opt 2 or
send a corporate email to “WCI LAN Desktop Services” and arrangements will be made to have a replacement issued.

If the SecureID token is lost or stolen, contact the WCI LAN Desktop Services IMMEDIATELY. WCI LAN Desktop
Services will deactivate the lost or stolen token to eliminate any security exposures.

The SecurID token is property of WINDSTREAM Technology Services under license from RSA, Inc. It is provided for
use in conducting WINDSTREAM business that requires access to the WINDSTREAM computers using a dial-up
telephone connection or a broadband (cable modem or DSL) connection using VPN.

7 Rev 08.21.06
CHAPTER 3 MINIMUM REQUIREMENTS

PC properly configured running current revision level of XP or Windows 2000 /NT 4.0

CD-ROM drive

15 Mb free hard drive space

WINDSTREAM CorpRAS Virtual Private Networking CD-ROM Media (or downloaded copy)2

SecurID fob assigned to you by WINDSTREAM CorpRAS.

ISP or ability to connect to the Internet3

PC is NOT connected to an existing Local Area Network (LAN)4

Internet Browser (IE, Netscape) with 128 bit encryption5

WINS Server Information (Optional, see Appendix D)
Note: You will also need to install any software you need for accessing
WINDSTREAM resources once you're connected.
For example:
 Novell must be installed on the company PC if access the Novell drives is needed.
 Host software must be installedon the company PC (PowerTerm, Attachmate Extra, etc) if
access the mainframe Host systems is needed..
 E-mail software must be installed on the company PC (Outlook 2000) if access the e-mail is
needed. (or OWA may be utilized using Internet Explorer-
https://exchange.Windstream.com/exchange).
 Microsoft Word should be installed on the company PC if access Microsoft Word documents is
needed.
Contact the WINDSTREAM LAN/WAN Services group to obtain any necessary
software for remote use.
1
Windows 95 Users must be running version 1.3 of the Dial-Up Networking client service. This patch can be
obtained from Microsoft (www.microsoft.com) or downloaded from the WINDSTREAM CorpRAS Intranet
site. See Appendix E for information.
2
The WINDSTREAM CorpRAS-VPN Client software may also be downloaded from the WINDSTREAM
CorpRAS Intranet site.
http://internal.WINDSTREAM.com/on_job/WINDSTREAM CorpRAS/index.htm (Case sensitive: type
exactly as shown.)
3
AOL (America Online) or CompuServe users. VPN access is only supported by version 5.0 of the
AOL/CompuServe software. Earlier versions of the software probably will not work with VPN. Versions 6
and 7 of the AOL or CompuServe software usually doesn’t work with VPN.
4
Please note, if the PC you will be connecting with participates on a LAN (or is connected to another PC at
the location) it might be necessary to disconnect/disable it from the LAN prior to using this service.
5
Only required if access to certain Internal WINDSTREAM web sites is desired (benefits, e-stub, etc).

(Optional) Supplemental Instructions

Although not required for this WINDSTREAM CorpRAS VPN software installation, consulting the
WINDSTREAM Remote Access System manual may be helpful. That manual provides detailed
information on SecurID and ensuring you have the right version of Windows 95. This manual and
media is available from the Customer Service Center at. (501)905-8569 Opt.1 or (800)-373-8152
Opt.1 or by sending corporate email request to “WINDSTREAM LAN WAN Services”'. It can also
be downloaded from our web site on the corporate intranet
at:http://internal.WINDSTREAM.com/on_job/WINDSTREAM CorpRAS/index.htm

8 Rev 08.21.06
CHAPTER 4 INSTALLING THE VPN SOFTWARE – All Operating Systems

Read Appendix F to see if the ISP has known

problems working with WINDSTREAM
CorpRAS.
If you are upgrading from a previous
version, please see Appendix B before
you continue: To install Click on START
followed by RUN and type
c:\temp\vpn\install VPN 5.0.bat and press
Enter or Click OK.
1. If you have downloaded this software
from the WINDSTREAM Intranet site,
substitute the proper path to which you
have downloaded the software. (e.g.
c:\temp\vpn\install VPN 5.0.bat).
2. Click “Yes” to complete the
installation of the VPN client and
reboot the computer.

9 Rev 08.21.06
10 Rev 08.21.06
CHAPTER 5 ESTABLISHING VPN CONNECTION TO WINDSTREAM

* You must have an Internet connection prior to doing the following

11 Rev 08.21.06
 1. Click START / Programs / Cisco Systems VPN Client / VPN Client. The following screen
should appear, Highlight the connection* you need to use and Click Connect Icon.
*Choose WINDSTREAM Corp VPN-NAT if you are using a router at the location

3. When the User Authentication screen

comes up, enter the WINDSTREAM
CorpRAS assigned login name in the
Username field.

In the Password field, enter the 6 digit

tokencode currently displayed on the front of Example:
the SecurID token and click 'OK'. Username: e0012345
Password: 043383 (From Token)
Note: If you have already established the
PIN/Password for WINDSTREAM CorpRAS
on a dial-up connection, type the Passcode into
the Password field as you would for a dial-up
connection and click 'OK'
4. The User Authentication screen will
disappear briefly and return with prompt to
enter a new PIN.
It must be at least 4 characters long but, no
more than 8 characters. It can be all numbers,
all letters or any combination of numbers and
letters. It cannot include punctuation marks Example:
or other special characters. Password: 99KJ4 (My Pin)

Be sure to pick something remember but, not

something that could be easily guessed. For
optimal security, your password should not
include any words that can be found in any
dictionary.
Enter the PIN selected and click 'OK'.

5. Then, the screen will come back saying

"PIN Accepted” as shown.
After the number on the SecurID token has
changed to the Next, number, type in the
Passcode.
The Passcode is the PIN that you just created
and the token number from the front of the
SecurID token, together. Example:
Password: 99KJ4629736 (My Pin + Token Number)
Example: If you pick "123abc" for a PIN and
the Next, Token code is "968938", the
complete Passcode is: "123abc968938".
When it is entered, Click 'OK'

6. An announcement will come up when

successfully authenticated and logged in.
Click “Continue.”

_____________________________________________________________________________________________________________________________________________
_
8. Various logon / negotiation screens may now flash briefly. Once a successful VPN
connection is made, a small padlock icon will appear on the right hand side of the Windows
system tray (near the clock).

9. At this time access the WINDSTREAM Corporate network , WINDSTREAM Intranet, host
computers, MetaFrame Servers (Twinsburg only), or other TCP/IP based resources are
available.

Disconnecting the VPN Tunnel

1. To Disconnect from the private encrypted tunnel, Double-Click on the padlock icon in the
system tray and click on the “Disconnect” but,ton at the top left of the screen. Or, right-click
on the icon and select Disconnect from the context menu as shown below.

2. When you’re disconnected, the padlock

icon shows an open lock.
 The Next, connection with VPN
Future Logins
After first connection and established a PIN, the procedure gets easier..

Connect to the Internet Service Provider.

When you are connected…

1. Click on START / Programs / Cisco Systems VPN Client / VPN Dialer. Then, click
Connect.
2. When the User Authentication screen comes up, enter the WINDSTREAM CorpRAS
assigned login name in the Username field.
3. In the Password field, enter the Passcode. (Remember: the Passcode is the PIN and
token code in one continuous string with no spaces or characters between them) Then, ,click
'OK' to complete the connection.
To disconnect refer to steps 1 and 2 in " Disconnecting the VPN Tunnel" above.

CHAPTER 6 TROUBLESHOOTING
Cisco Client / WINDSTREAM Troubleshooting
 Can’t reach anything on WINDSTREAM network with browser or…
Before you establish a VPN connection , be sure to close all of the programs you are running,
especially the web browser, terminal emulation program, e-mail client, DOS windows, etc.
If that doesn't help follow these steps:
Windows 2000 or XP:
Click the 'Start' but,ton, then, select 'Run' and type in: cmd and click 'OK'.
In the command prompt screen, type in: ipconfig /release and press 'Enter'.
After a moment type in: ipconfig /renew and press 'Enter'.
(You may have to reestablish the connection after doing this)
 Cisco Client software fails to install, load, start, or generates Windows error. An
incompatibility or conflict may exist on the PC. Uninstall the Cisco software and confirm the PC is
at the current Windows revision level and has no other software conflicts. See also the ISP
Problems in this chapter.
 Failure to negotiate VPN Tunnel (prior to entering SecurID). Verify that you are connected
to the ISP provider and are able to browse the web, if please

VPN Error Messages

VPN error messages appear in the "Connection History" window which comes up while
establishing a connection with VPN.
Error Message: Possible Causes
Remote peer is no longer  If not connected to the Internet this error may
responding. display. Check to be absolutely sure the Internet
connection is good by trying to get to a site such
as http://www.yahoo.com (provided proxy access
is available).

Failed to establish a secure connection
to the security gateway.
 If the Internet connection is good, then, check the
group name. It is case sensitive and must be typed
exactly as shown in Appendix A.
 If the message starts with "Initializing the
connection", pauses about 30 seconds and then,
gets this message, you are probably not
successfully connected to the Internet. To verify,
try to reach some site on you visit frequently on
the Internet. If you are unable to reach it then,
check with the ISP to find out what is the problem.
 The group password may be in the wrong case or
otherwise typed incorrectly. The group password
is case sensitive so it must be typed exactly as
shown in Appendix A. Retype it and try again.
See the Next, page for details.
 If connecting through a DSL or T-1 line in a hotel,
it is probably sending Internet traffic through a
proxy server, which will also generate this same
message. There is nothing either the hotel or the
WINDSTREAM CorpRAS Help Desk can do
about this. Try making a Dial-up connection
instead.
 If you are a non-WINDSTREAM employee and
the account is configured for a dial-up connection
Next, the following will be displayed: this
message if you try to connect using VPN.
 User authentication failed  If you enter the login name and Passcode three
times before this message comes up, the
authentication has failed. Call WCI LAN Desktop
Services at (800)-615-6227 Opt.2
 If you get this message after the first time you
enter the login name and Passcode, then, there
may be a problem with the profile assigned to the
account. Call WCI LAN Desktop Services at
(800)-615-6227 Opt.2

Specific Problems:
 Failure to bring up the “Username / Password” prompt: If the screen in which you enter the
login name and Passcode never comes up, try this:
1. Click on “Start > Program Files > WINDSTREAM CorpRAS VPN Client > VPN Dialer”.
2. In "Connection Entry" click the drop down arrow and select "WINDSTREAM CorpRAS VPN-
NAT"
3. Then, click the “Options” but,ton and select “Properties”.
4. Make sure “Enable Transparent Tunneling” and “Allow IPSEC over UDP” are selected.
5. Try to connect again.
If this doesn’t help and you use a cable modem or DSL connection, look in ISP troubleshooting for
information on changing the MTU.
 You get the message “Failure to establish a secure connection to the security gateway”. Very
carefully retype the password in the Group Access Information section. To do this:
 Bring up the VPN dialer by clicking on Start > Programs > WINDSTREAM CorpRAS VPN
Client > VPN Dialer.
 Click on the “Options” but,ton and then, select “Properties”.
 At the top of the Properties screen, click on the “Authentication” tab.
 Check Appendix A for the correct password and carefully type it, exactly as shown, in the
password field.
 You get the message "Authentication Failed" after entering the login name and Passcode.
Call (501)-905-8569 Opt.1 or (800)-373-8152 Opt.1 and tell them you received an "User
Authentication Failed" message while attempting to login with VPN.
 Failure to connect after entering SecurID information. Always enter the SecurID username
and Passcode immediately. A time-out could occur. Also, it is possible the information was
simply mistyped. Try to connect again after the number changes on the SecurID FOB.
 Enter login information very carefully! If you have entered the WINDSTREAM CorpRAS login
name and Passcode accurately three or more times and failed to complete the CorpVPN
connection, you will probably require assistance from the WINDSTREAM LAN WAN Services to
reset the account.
 You are unable to print while a VPN connection is open.
 Bring up the VPN dialer by clicking on Start > Programs > WINDSTREAM CorpRAS VPN
Client > VPN Dialer.
 Click on the “Options” but,ton and then, select “Properties”.
 Under the “General” tab, click in the box Next, to “Allow local LAN access”.
 Click “OK” to complete
 reach the WCI LAN Desktop Services at (800) –615-6227 Opt.2
Troubleshooting the ISP Connection
Not all Internet Service Providers are created equal. If the ISP supplies a 'Front End', 'Connection
Manager' (AT&T, etc.), or other software that works in conjunction with the Microsoft Dial-Up
Networking software components, it might conflict with the Cisco software or vice versa.
Please note that this does not apply to AOL/CompuServe. The only AOL/CompuServe software
which we have found usually works with WINDSTREAM CorpRAS VPN is version 5 and only if not
installed as the “Default Internet Service”. Version 4 and earlier will not work and version 6 is
currently incompatible with WINDSTREAM CorpRAS and VPN.

Other Problems:
Connection is very slow:
WINDSTREAM CorpRAS VPN utilizes the Internet's infrastructure for the VPN connection to
WINDSTREAM. If the Internet is congested, or you are dialing in at a potentially peak Internet usage
time, performance may vary.
If you use DSL or a Cable Modem, slow performance can be caused by the MTU being set too large.
To check this, run the Set MTU utility. With for most users, click on Start > Programs >
WINDSTREAM CorpRAS VPN Client > SetMTU. If it isn't there: You'll find it in C: \Program
Files\ Cisco Systems\VPN Client \SetMTU.exe). In the “Network Adapters” window, click once on
the adapter card for the DSL or Cable modem connection, and choose the MTU size of 1250. This will
cause you to reboot afterwards, and will probably improve the speed the Next, time you reconnect. If
you've already done this but, are still having problems, try doing the same thing but, choose an MTU
size of 576 instead.
Can’t get beyond “Negotiating security profiles”:
There are a couple of things to try. Start the VPN client, click the “Options” but,ton and select
“Properties”. Click on the “Authentication” tab and change the name in “Group Access
Information” to CorpNAT. This name is case sensitive so enter it exactly as shown. Then, click
“OK” and try to connect again.
If that doesn’t help, removing and reinstalling the VPN client software frequently eliminates the
problem.
 Start the VPN Client, click the “Options” but,ton and select “Delete”. This deletes the
configuration information you’ve entered for the client.
 Next, close the VPN client and uninstall it following the steps on the Next, page.
 When you’re finished, reboot the PC and reinstall the client software following the steps in Chapter
3 and Chapter 4.
Can’t connect to anything after…
If upon installing the Cisco software Windows errors are generated or you are now unable to connect
to anything, start by uninstalling the Cisco software following the instructions on the Next, page.
Disconnected from the ISP
Next, if you find theself being disconnected upon creation of the VPN tunnel, the ISP might not be
configured to support VPN at the present time. Contact the ISP if this is the case.
ISP disconnections can also be caused by “noise” or other problems on the phone line or the
DSL/Cable Modem connection. You would contact the phone company to have the phone line tested
or the ISP concerning problems with the DSL/Cable Modem connection.
Uninstalling the Cisco Software:
1. Click on:
START / Programs / WINDSTREAM
CorpRAS VPN Client / Uninstall VPN
Client to start the uninstall procedure.
Click Yes to confirm.

2. Click “Yes” to delete existing

connection profiles.

3. Click “Yes” to delete the existing Cisco

certificates.

3. Click “Finish” to complete the uninstall

and reboot the computer.

Contacting the ISP:

It is possible the ISP is aware of what is necessary to correct any VPN issues you are having. You may
want to check the ISP's home page and search on VPN, or Cisco first. Also, check to see if they have a
newer version of their provided software (Front End, Connection Manager, etc.). Finally, if necessary,
contact the ISP's help desk and explain the following:

1. You are trying to connect through VPN using Cisco Client software, and you suspect there is a
conflict with their provided software or service. Ask if any patches or updates are available.
2. Never give out any passwords or other WINDSTREAM confidential information.
CHAPTER 6 FREQUENTLY ASKED QUESTIONS

Q: My modem connects at an acceptable fast speed, but, performance seems slow.

A: WINDSTREAM CorpRAS VPN utilizes the Internet's infrastructure for the VPN connection to
WINDSTREAM. If the Internet is congested, or you are dialing in at a potentially peak
Internet usage time, performance may vary.

If you use DSL or a Cable modem, try running the Set MTU utility, (Click on Start > Programs
> WINDSTREAM CorpRAS VPN Client > SetMTU). In the Network Adapters windows,
click once on the adapter card for the DSL or Cable modem connection, and choose the MTU
size of 1400. This will cause you to reboot afterwards, and will probably improve the speed the
Next, time you reconnect. If you've already done this but, are still having problems, try doing
the same thing but, choose an MTU size of 576 instead.

Q: On occasion, the dial-up connection is broken during the course of the session. Why does this
happen?
A: There are several possible problems. The modem may be set at a speed too fast for the quality
of the telephone line or modem. The line may have outside interference, or may be a bad
connection. Another telephone in the house may have been picked up during the session,
interfering with the session and causing it to fail. An in-incoming call to the house may have
caused a call-waiting beep which will also terminate the session.

Q: Can I access both the Internet and the WINDSTREAM Network at the same time with my
connection?
A: Yes and No. Once a VPN tunnel is established, you and WINDSTREAM are shielded from the
Public Internet. You will not be able to access public web sites via THE ISP while you are
using the VPN tunnel. However, if you already have Internet access from within the
WINDSTREAM Intranet, access the Internet as though you were at work. You will have to
activate the WINDSTREAM Proxy server within the browser while the VPN session is active.
Keep in mind doing this will make you subject to the WINDSTREAM Internet Usage Policy
just as though you were at work and that any sites you access will be recorded.

Q: My ISP only gives me a fixed amount of hours per month. Will access to the WINDSTREAM
WINDSTREAM CorpRAS VPN affect my hours?
A: Yes, hours spent on WINDSTREAM CorpRAS VPN are counted in the monthly hours
provided by the ISP. There are, however, many ISP's that provide unlimited monthly access.
Contact the ISP for more information.

Q: I cannot access Windows 2000 resources on the network.

A: See Appendix D for WINS Server configuration.

WINDSTREAM CorpRAS VPN support is available from WCI LAN Desktop Services :
(800)-615-6227 Opt.2.
APPENDIX A - CONFIGURATION INFORMATION

Hostname for all sites:

mas.WINDSTREAM.com (Primary Server)
mas1.WINDSTREAM.com (Backup Server)

WINDSTREAM Corporation Employees:

Group Access Information

Name: CorpMAS
Password: access11

Depending on the type of connection the Internet Service Provider uses, you may have to use the
CorpNAT group name instead. The password is the same for both. See chapter 6, "Troubleshooting",
"Troubleshooting The ISP Connection" for more information on when to use CorpNAT.

Name: CorpNAT
Password: access11

*Note: Group name and password are case sensitive.

Non-WINDSTREAM Employees:
Check the e-mail notification or the management for the correct group name and password. If you did
not receive this information, call WCI LAN Desktop Services at (800)615-6227 Opt.2. Inform them
that you are a Non-WINDSTREAM employee who uses WINDSTREAM CorpRAS and ask for
second level support. We can provide you with the group access group name and password.

*Note: Group name and password are case sensitive.

 How to create a VPN Connection for Temporary \ Contractors

Open the VPN dialer, Click Connctions Entries , Click New

Enter the group access information into the Group Authentication section
*Note: Group name and password are case sensitive.
Click Backup Servers Tab, Check Enable Backup Serveers, Click Add

Enter mas1.WINDSTREAM.com, Click OK

Click Save, the new VPN Connection is now created. use this connection like the preconfigured
connections.

APPENDIX B - UPGRADING OR ADDING NETWORK COMPONENTS

First: The older version of VPN software must be uninstalled before the new version is installed or
before you add any network components (especially network cards). Turn to page 18 and follow the
instructions there to uninstall the previous version of the VPN software.

Then,: After the old version is removed, turn to Chapter 3 for the installation instructions.
Appendix C - METAFRAME USERS (Twinsburg Only)

If the PC has been previously set up for the WINDSTREAM RAS and have access to MetaFrame
servers, simply establish a VPN tunnel as described in CHAPTER 5 ESTABLISHING VPN
CONNECTION TO WINDSTREAM WINDSTREAM CorpRAS VPN. Then, proceed to double click on
the ICA as you normally would. Functionality is the same as WINDSTREAM Dial-Up RAS.
Appendix D - Configuring WINS Server(s) for Microsoft Networking.

WINS is a DNS like service for Microsoft networking. It provides resolution for Windows NT servers.
If you will be using WINDSTREAM CorpRAS VPN for Remote Node connectivity to Windows NT
Server resources you may need to complete this section. To obtain the correct information please
contact the local LAN/Desktop Site Service Administrator for the IP addresses for the WINS servers.
Complete the following based on the information you receive.
Primary WINS _________._________._________._________

Secondary WINS _________._________._________._________

Windows NT 4.0 Users WINS Configuration

WINS Configuration similar to that of Windows 95/98ME is not supported. WINS Information for
remote access connections can only be configured within Dial-Up Networking. However, many ISP's
push down DNS information automatically. If the ISP automatically assigns DNS information, WINS
can not be configured on the NT 4.0 workstation.

If the ISP uses manual DNS configuration (“Specify name server addresses”), WINS information can
be entered below the DNS servers under the Dial-Up Networking configuration. See example below:

1. Double-click on the “My Computer” on the

desktop, then, on the Dial-Up Networking icon.

In the Dial-up Networking screen, click on the

“More” but,ton and select “Edit entry and
modem properties”.

Finally, click on the Server tab and on the

“TCP/IP Settings” but,ton.

Complete the WINS fields, and Click OK.

Windows 2000 & XP Users WINS Configuration
If you learn that you need WINS servers configure in
WINDSTREAM CorpRAS, first get their numeric TCP/IP
address from the network administrator.
1. Click on the “Start” but,ton, then, Settings > Network
and Dial-up Connections > (The WINDSTREAM
CorpRAS connection icon) Brings up the “Connect…”
screen.
[If you have more than one WINDSTREAM
CorpRAS connection you should repeat this for
each of them.]
2. This brings up the “Connect…” screen shown here.
Click on the “Properties” but,ton.

3. At the top of the screen click on the “Networking” tab.

Then, in the “Components checked…” screen, double-click
on “Internet Protocol (TCP/IP)”.

4. That brings up the “TCP/IP Properties” screen. Click

on the “Advanced” but,ton and then, on the “WINS” tab.

5. Click on the “Add” but,ton to bring up the “TCP/IP

WINS Server” screen and type in the first TCP/IP address
you were given. Click “OK”. Then, click the “Add”
but,ton again to type in the second WINS server address
and click “OK” to add it. Then, click “OK” until you are
back at the properties screen.

The WINS servers are now configured.

Appendix E – Downloading Files from the WINDSTREAM CorpRAS
Intranet Site

Finding the WINDSTREAM CorpRAS Intranet Site:

1. Go to the Corporate Intranet site at http://internal.WINDSTREAM.com
[Note: If you have Extranet access then, download the VPN client software through the Extranet.]
2. Click the yellow “On the Job” but,ton then, click the "LAN/Technology" but,ton at the top left.
3. In the top left corner of the screen, click on “CorpRAS"
4. This is the WINDSTREAM CorpRAS home page. For downloadable forms, documentation or
software, click on “Download Section”.
5. Click on the description of the item to download.
6. A screen will appear asking if you want to open it or save it to disk. Be sure that “Save it to disk”
is selected and click OK.1
7. The “Save As” dialog box will come up with the location the file will be saved to in the field
labeled "Save in:” Decide which directory you want the file to be saved to, double-click on the
directory to open it and click on “Save”. Important! Be sure you know where the file is being
saved on the computer! And be sure you make note of the file name! Also, do not delete the
installation file after completing the setup. You may need it again, so keep it where it will not get
deleted.
8. If you have the Novell NetWare Client installed on the PC, consult the WINDSTREAM
LAN/WAN Services group about installing this upgrade. It may ask for certain Novell files that
the computer may not be able to find. If possible ask the WINDSTREAM LAN/Desktop Services
group to perform this upgrade for you.

1
If the browser opens the file without asking if you want to save it, click on the “Back” but,ton to
return to the “Download Section” page. Then, Right-click on the description of the file you wish to
download and select “Save Target as:” (Internet Explorer) or “Save link as:” (Netscape). Then,
proceed as in step 7 above.
Appendix F- Warning! WINDSTREAM CorpRAS-VPN WILL NOT WORK
FOR YOU IF…

You do not have a WINDSTREAM CorpRAS account:

You must have a WINDSTREAM CorpRAS account. If you need information on
WINDSTREAM CorpRAS, go to the Corporate Intranet home page. Click on “On The Job”.
On that page, click on "LAN and Technology" and then, click on “CorpRAS." There you will
find information and news on WINDSTREAM CorpRAS as well as documentation and
application forms.
The ISP is:
America Online or CompuServe: Currently, WINDSTREAM CorpRAS-VPN should work
with version 5.0 or 5.01 of AOL/CompuServe software. It probably will not work with earlier
versions of the software. AOL/CompuServe version 6.0 and later will likely scramble all other
dial-up networking communications, and almost never works with VPN. We suggest that you
not install versions 6 or 7 of the software. We don't recommend using AOL or CompuServe.
AT&T: If the ISP supplies a 'Front End', 'Connection Manager' (AT&T, etc.), or other software
that works in conjunction with the Microsoft Dial-Up Networking software components, it
might conflict with the Cisco software or vice versa. If you are an AT&T ISP user and you
have problems, you may need to have the latest patch or AT&T Dialer installed to use VPN.
The DSL Provider is:
Bell South: You must disconnect the DSL session before you install the Cisco VPN client.
Failure to do so will likely result in corrupted files and a lengthy repair and reinstallation
process.
The DSL Provider uses:
WinPoET: If you use WinPoET to connect to the DSL service you might have problems with
VPN, especially with connecting to the LAN and sending email with attachments. Some
people don't have this problem with WinPoET and some people do. If you try it and it doesn't
work for you, you may want to consider another connection adapter.
The Cable Modem Provider is:
(No problems reported with cable modem providers at this time.)

You will likely have problems if:

You make changes to the network settings while VPN is installed.
Several people have had problems with this. We recommend you completely remove VPN from the
system before adding or removing any network components (like a network card or a network
protocol). When the network is working the way you want, THEN, reinstall the VPN software. This is
very important. Instructions on how to uninstall the VPN software are on page 18.
APPENDIX G- WIRELESS CONNECTIONS INFORMATION
*NOTE- If you have just installed the wireless 1X phone and software and now the VPN dialer is not working, first
try reinstalling the WINDSTREAM CorpRAS VPN Client software available at:
http://internal.WINDSTREAM.com/on_job/CorpRAS/CSC_VPN_download.htm

FAQ

1. What does WINDSTREAM WINDSTREAM LAN/WAN Services support for the end user?
A single VPN\RAS connection from an WINDSTREAM laptop using an WINDSTREAM wireless
product. See link for support phones:
http://ic3.WINDSTREAM.com/docs/support/3g1x/screenshots.htm
For assistance call the WCI LAN/Desktop support line @ 1-800-615-6227 option 2.

2. Does WINDSTREAM LAN/Desktop support all "wireless" connections?

We support 1X compatible WINDSTREAM phones. WINDSTREAM LAN/Desktop does NOT
support "wireless" in general at this time.

3. What WINDSTREAM LAN/Desktop does NOT support for the end user?
The installation and/or setup of the 1X phones/air card.
*For assistance with the installation and setup of the 1X phone/air card call the 1X helpdesk at
1-866-299-4039 opt. 2.

4. Who does the user call if their phone or air card may be defective?
Call 1-866-299-4039, option 2 for technical assistance

*As long as the user is in a digital coverage area and has an available connection to the internet via
the wireless card there should be no problems connecting to WINDSTREAM network via VPN.
If you are experiencing problems please call the WINDSTREAM LAN/Desktop/RAS helpdesk
at1- 800-373-8152 opt. 1.

HELPFUL LINKS FOR WIRELESS USERS

User manuals and installation- this is an interactive page to help with the installation of the Wireless
products. The card /phone should already be setup and working before you call with VPN/RAS
connectivity issues. http://ic3.WINDSTREAM.com/docs/support/3g1x/screenshots.htm

WINDSTREAM's sales associate site about the 1X service. This site includes the following:
 Location maps that support 1X
 Pricing info
 End user support numbers, for the 1X and QNC service.
 FAQs

http://internal.WINDSTREAM.com/prod_serv/data/1xdata/index.html