Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Check Point VPN connection from a Hotel to your Corporate Site.

Posted on 2004-09-15
6
Medium Priority
?
746 Views
Last Modified: 2013-11-16
This has got to be a common problem.  So what are some of the solutions?  You have a user at a hotel sitting behind the hotel's firewall and they want to connect to your corporate site. I'm using Check Point NG FP3 and SecureClient.
0
Comment
Question by:mobot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 23

Expert Comment

by:Justin Durrant
ID: 12066757
Hi mobot,


These are really hard to troubleshoot since you don't know what restrictions the hotel might have on their firewall.

JJ
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1000 total points
ID: 12067111
Many hotel highspeed connections give you the option of accepting a public IP address, specifically if you want to VPN back to your corporate network, or a private IP behind their firewall. Even with a firewall, most hotels have already made provisions to permit all types of VPN's.
0
 

Expert Comment

by:csalisbury
ID: 12115037
Most hotels firewalls I've had the chance to look at deny very little outbound traffic if any at all for their 'guests'.  And those that do have the common sense to open IKE, ESP, etc... If you find this is becomming a major problem you may want to look into some of the great SSL VPN solutions out there like F5's Firepass, or Juniper Networks Neoteris.  Both of these appliances are rock solid, but I'd lean towards the Firepass... Good Luck!
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 

Author Comment

by:mobot
ID: 12128270
My concern is not the hotels allowing outbound traffic.  It's will they allow inbound traffic back from my site.  I'm told the challenge is not getting out, it's getting back in.  Am I misunderstanding how the VPN works?  That is, if a connection is successfully made between the user at the hotel and my site.  Then the traffic from my site is being accepted by the hotel firewall and allowed to pass through it, and back to the user.  If the hotel's firewall rejects or drop the traffic from my site the user at the hotel will never make a successful connection in the first place.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12128652
>the traffic from my site is being accepted by the hotel firewall and allowed to pass through it, and back to the user
No. The firewall will never see the traffic. It is tunneled in an encrypted stream from your VPN endpoint direct to the user. All the firewall sees is a connection to your public IP address.
0
 

Expert Comment

by:BCSCOPS
ID: 13596152
There is something called Visitor Mode Checkpoint claims that it will overcome this problem ( of Hotels blocking IPSec traffic ). Haven't tried it yet but will be looking at it. In the meantime we deal with this on a case by case by talking to the hotels' helpdesk. I have noticed though that more and more hotels have addressed this issue...
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question