  • Status: Solved

Zone Alarm causes conflicts with VPN clients on Windows XP machine

Hi experts.  This one has me buggers!  I have a client, who does programming for different manufacturers and has to connect through multiple VPN clients to access their networks.  Sometimes it seems hard to get this stuff to all work together.  Currently they use Cisco client primarily along with Windows VPN.  Also, one of their clients requires Aventail with Zone Alarm Integrity client, which just seems to be a proprietary client put out by Checkpoint.  I won't even get into the AT&T client, since that won't work with anything.  We have to have that set up alone on its own machine.
The Zone Alarm seems to be the problem.  Whenever the Zone Alarm is loaded at system boot it will lock up the machine.  If I disable the True Vector Service and change the preferences to prevent the program from loading on start up everything is fine to boot.  The other problem is that I can't remove Zone Alarm with the Add and remove Programs.  At this point something seems to be damaged as I can't connect through the Cisco or MS VPN.  I ran winsockfix, but that didn't work.  We have this same setup on about 10 Dell laptops and I only just ran into the issue on our two newest machines-Dell 620's.  I finally did a clean install on one to get it cleaned up, but it's still an issue on this machine.  Help experts! I've spent many hours beating myself up on this one.
baggio8
Asked:

redseatechnologies Commented:
Hi baggio8,

What is stopping you from just purging your network of ZoneAlarm and simply using the Windows firewall in SP2?

ZoneAlarm has never been good with VPNs; you need to add it as a trusted IP address (the VPN server) before it will get close to working.

-red

baggio8 (Author) Commented:
I'd drop it like a hot potato if I could.  The proprietary design of Aventail requires that the Zone Alarm Integrity client be loaded before it will allow the VPN client to connect.  

redseatechnologies Commented:
What a pain.

Have you tried manually reconfiguring ZA so that it considers the VPN server addresses as trusted?

 
Steve Knight (IT Consultancy) Commented:
Personally what I do for customer connections is have a VMWARE virtual 2000 or XP machine for each client with their own VPN client software installed and any patches and AV software they insist on.  I use it on VMWARE workstation as I have a licensed version but it could easily run on the free VMWARE player too.  This connects back through bridged network connection and gets IP from DHCP as normal and to all intents and purposes is just another machine on the network.  The virtual machines connect back to host machine to share files etc.  It also means that people that need different software versions that clash or issues like you have only affect one VM - you can also roll this one VM out to all your laptops by simply copying the directory and changing the hostname :-)

Steve

Steve Knight (IT Consultancy) Commented:
(Sorry, I don't know how to fix your current problem, just been there with client apps breaking other stuff already installed like this which is why they all go on separate VMs...)

Steve

Smacky311 Commented:
I have several questions to narrow down your issue.

1.  Have you tried removing ZoneAlarm in safe mode?
2.  What error message do you get when trying to connect through the Cisco VPN client?
3.  Can you telnet through the VPN port that you are using?
4.  A) What transport protocol are you using in the Cisco client, UDP or TCP?  (Have you tried switching protocols?)
    B) If TCP then what port are you trying to connect through and have you tried using an alternate port number?
5.  What happens when you perform a trace route to the VPN host?
6.  What version of the Cisco VPN software are you using?  Have you tried another version?
7.  Assuming the new laptops have a different hardware abstraction layer, then I assume they are imaged differently.  In this case what software is installed on these laptops that is not on the old laptops (Windows updates, new software versions, different network cards or more recent network card drivers, Adobe 6.0 rather than Adobe 6.4...etc)?

Smacky311 Commented:
8.  This is probably obvious from the above, but please verify the version of the VPN client you are using is the same on the older and newer machines.

lrmoore Commented:
We've solved a very similar situation by using virtual machines. Create a different virtual machine for each unique VPN client/requirement. Use Microsoft Virtual PC to create the VMs and then you can use VMWare's free player to run multiple VMs at once on most any good desktop.

Steve Knight (IT Consultancy) Commented:
lrmoore: snap :-)

baggio8 (Author) Commented:
Hello experts!  Thank you for your feedback and sorry for my delay in responding.  
Since my initial post my first laptop that I did the clean install on just "done blowed up".  I have since performed new clean installs on both and they are (for now) working fine.  I can provide no explanation as to why or how I accomplished this, nor do I care to continue.  I have come to the conclusion that it is folly to further consider "why bad things happen to good software"  and to babysit misbehaving rogue applications.  
The VM ultimately sounds like the way to go, but I haven't a clue as to how to proceed.  I have multiple copies of MS VM 2004 and I see where to download the VM Player.  Do I need to have multiple licenses of the OS on each laptop? Would it make sense to set up the laptop standard config with Cisco client and then add a VM for Aventail and a VM for AT&T client?  How would I do this?

Thanks experts for your valuable information!  

baggio8 (Author) Commented:
Merry Christmas experts.  I didn't get any feedback to my last post.  Please respond so I can get this info and I can close the question.

Thanks!

Steve Knight (IT Consultancy) Commented:
Didn't see the last question sorry - think I read it at the time and saw you saying you'd rebuilt and assumed that was it.

Yes technically (actually) you need multiple OS licenses, one per install of the OS afaik..... I would suggest adding a VM for the machine that drops the network connection to your local LAN which in this case was the Cisco I think.  Then you can continue to use your main machine and any other VPNs on there at the same time as the Cisco etc.

I used this technique at one customer site with Virtual PC just fine if that is what you have ... my preference is VMWARE but Virtual PC will do the same and you have the software... VMWARE Player is irrelevant here unless you have a copy of VMWARE to create the virtual machine in the first place... Just install Virtual PC on all machines you want to have it on.

Don't forget this is a proper machine on the LAN so it needs patching, AV, firewall turned on etc. as any other.

Merry Christmas and all that!

Steve