Solved

Choosing a VPN solution for mobile remote clients

Posted on 2007-07-26
Last Modified: 2013-11-16
I'm looking for a VPN solution for mobile users.

We've been using the built-in Server 2k3 VPN, but have had problems with connectivity behind different routers; Linksys especially seems to block the connection.

I'm a big fan of Watchguard, but am not averse to other options. I was thinking about using an SSL VPN solution, but if there is an IPSEC technology out there that will bypass these problems I'd love to hear about it.

Also, if your suggested product is a security solution as well as a VPN, it would be a big help if it can run Exchange using RPC over HTTP.

Thanks in advance for your help

JT
0
Question by:JTCollins
7 Comments
 
LVL 78

Accepted Solution

by: Rob Williams earned 2000 total points
ID: 19575475
Are you using PPTP VPN or IPSec with Server 2003? Very surprised, especially if using PPTP. Wonder if that is not the problem. Wouldn't want you to buy a $1000 solution to find it doesn't resolve the problem. One possibility: any chance you are using the 192.168.1.x subnet at the server site? If so, you will not be able to connect any remote clients that are behind a router using the same subnet, the Linksys default. Just a thought.

As for hardware options, my preference would be the Ciscos, especially the new ASA series. Very dependable, easy to configure, and great support. However, I would support you 100% with Watchguard. I used those for quite a few years and they are great units. Only downside I found was their support was good, but very slow responses.
Cisco also supports SSL on some of their units and all will support RPC/HTTP, but so will Watchguard.
0
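The subnet clash raised in the accepted answer can be checked before rolling out clients. This is an added example, not part of the original thread: it flags site subnets that overlap a remote client's local LAN and, going slightly beyond the answer, picks a site range that avoids them. The list of home-router ranges and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed list for illustration: ranges home routers commonly ship with.
# 192.168.1.0/24 is the Linksys default mentioned in the answer above.
COMMON_HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24",
                    "192.168.2.0/24", "10.0.0.0/24"]


def _net(value):
    # strict=False lets a host address such as 192.168.1.57/24 be passed in.
    return ipaddress.ip_network(value, strict=False)


def find_conflicts(site_subnets, client_lans):
    """Return (site, client_lan) pairs whose address ranges overlap.

    On an overlap the client treats site addresses as directly attached
    and never routes that traffic into the VPN tunnel.
    """
    conflicts = []
    for site in map(_net, site_subnets):
        for lan in map(_net, client_lans):
            if site.version == lan.version and site.overlaps(lan):
                conflicts.append((str(site), str(lan)))
    return conflicts


def suggest_site_subnet(avoid, pool="10.0.0.0/8", prefixlen=24):
    """Return the first subnet in `pool` that overlaps nothing in `avoid`."""
    avoid_nets = [_net(a) for a in avoid]
    for candidate in _net(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(a) for a in avoid_nets
                   if a.version == candidate.version):
            return str(candidate)
    return None


if __name__ == "__main__":
    # Constructed scenario: server site on 192.168.1.0/24, client at home
    # behind a router handing out 192.168.1.57/24.
    print(find_conflicts(["192.168.1.0/24"], ["192.168.1.57/24"]))
    print(find_conflicts(["192.168.1.0/24"], COMMON_HOME_LANS))
    print(suggest_site_subnet(COMMON_HOME_LANS))
```
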
 
LVL 1

Expert Comment

by:servitinfo
ID: 19577305
I would consider using a FortiNet Fortigate UTM appliance.  You can use both IPsec and SSL-VPN.

They have far more features than WatchGuard, are easy to configure and not bound by user limits.

Second of all, if you want a truly secure solution, do forget PPTP. It's not very secure.

I would recommend a FG in combination with Vasco Tokens in SSL-VPN mode.
0
 
LVL 13

Expert Comment

by:hstiles
ID: 19578166
The big factor with IPSec VPN using Watchguard Mobile User VPN is that clients will need to install the Watchguard client and a configuration file.   Granted, you can make this available from a secure https or FTP server, but it still means an 8MB download for each client.

The Watchguard SSL VPN is effectively the Citrix SSL gateway OEM'ed. It's a very powerful product.

There are other solutions, such as Citrix Presentation Server with a secure web interface.
0
 
LVL 1

Author Comment

by:JTCollins
ID: 19579840
You know, I feel ridiculous.

I've set up 9 office to office VPNs so was well aware of the need for different subnets, but that never even occurred to me... btw we're using IPSEC.

Regardless of my brief lapse into the world of incompetence, I still need a beefier solution than we have now.

I haven't used Ciscos much outside of the PIX 501 series; this was in '03 when they were still command line only. Is there a GUI on the ASA and how is it?

I like the VPN throughput to price point that Watchguard offers versus Cisco (at least the last time I did serious research on it, about 9 months ago).

I spoke with Watchguard on Monday and the Firebox® SSL Core Gateway is at its end of life cycle. The rep said they would be launching a new one in fall.

I don't need an extremely high end solution, scalable of course but trying to stay under the 700ish price range. If that will get me a security solution and VPN solution in one box all the better.


servitinfo:

I'm not familiar with FortiNet but I'll definitely check them out.


hstiles:

I'm ok with the WG client; the laptops will be in a corporate networking environment so I'll push down the install on logins. On the SSL box, where exactly do the clients connect to after VPN authentication? Do they run apps directly from their computer or a remote session? Do I have to do any TS licensing?
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19579910
I recommended Cisco as I have switched from Watchguard to Cisco. I am not a staff IT support person, but rather an independent, and I found Cisco is such a standard in the industry, it was a far easier sell than any other product. For example, I recently went into a car dealership that did financing and they asked why they should buy a Cisco from me. I asked them to get out their Equifax security questionnaire, and read the first question: "Do you have a Cisco firewall in place". Basically in the IT world there is Cisco, and the other guys.

As for pricing I haven't found much difference when you are comparing apples to apples. You should have a SmartNet contract with it, which ups the price slightly, but still very reasonable, and the support is fantastic.
As for usability, I am quite comfortable with VPNs but by no means a "Cisco Guy" or a CCNA; however, I have never had a problem configuring any features I need to use on an ASA5500, as the GUI is very user friendly.

Though I haven't worked with SSL VPNs and Cisco, the newer ASA series has that as an option should you feel it is necessary.
0
 
LVL 1

Author Comment

by:JTCollins
ID: 19586376
Thanks for the help everyone,

I wound up going with the CISCO ASA5505-50-BUN-K9. My decision to go with Cisco was largely based on the fact that it took 3 days for WG to call me back from a message I left w/ pre-sale questions. I've dealt with Cisco and used their SmartNet service in the past and it was a good experience.

Thanks for all the help.

JT
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 19586959
Thanks JTCollins. Think you made a good choice. I have been very pleased with both the similar units I have bought, and the support. As I mentioned earlier, like you, I find Watchguard's support very slow to respond.
Cheers!
--Rob
0
