[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

Incompatible VPN Clients

Quick question (well, maybe&):  I have had 5 techs test the VPN connection I set up to our file server with a Cisco Router and Client, 3 with success, and two without.  The two that failed get the generic check your firewall and password error box.  These two also have 'other' Cisco VPN clients installed on their laptops.

I have heard of Cisco VPN clients failing on PCs with _other_ Cisco VPN clients, but I have not found a resolution short of un-installing one before using another&  I believe the problem VPN clients have Watchgaurd nuVPN 7.3 components but cannot swear to that at this time.

Is any of this familiar, and of so, have you come up with a resolution short of the install  uninstall circle?  The techs find it to be quite the PITA to say the least.

I realize I may have posted previous questions to this in the past, but as it took me nearly a year to finally get our VPN setup and usable, I have managed to confuse the devil out of myself as to what is resolved and what is not...
Thanks,

Ray L.
0
raylab
Asked:
raylab
  • 3
  • 2
1 Solution
 
Rob WilliamsCommented:
You have multiple Cisco clients installed ?? That could cause problems. Normally you would un-install the client and install the new one. You can have numerous connections configured for multiple sites that use the same client, that is no problem, but not multiple Cisco clients/versions.

Also you mention Watchguard's MUVPN client. Many different VPN clients do not "play" well together. The MUVPN client, made by SafeNet and also distributed under the Netgear ProSafe name, does not work with most other VPN clients. You cannot have it installed on the same machine as the Cisco client.

Having said that, if it is absolutely necessary, some folks have succeeded having both installed by writing a script to stop specific vendor services and restarting others when switching clients.
0
 
raylabAuthor Commented:
A little inference here:  (Forgive me if I read too much into what you stated, but:)

So, if we set the service related to each VPN client to Manual startup, then started/stopped them as needed, this would bypass the problems?  Is it really that simple?  Even if we started & stopped the services manually, that would be a better solution than installing & un-installing...

Ever see a list of which clients are compatible to other clients?  Or is this one of those things that is best learned through experience?

Thanks,
Ray L.
0
 
Rob WilliamsCommented:
>>"So, if we set the service related to each VPN client to Manual startup, then started/stopped them...."
That would accomplish the same thing as the script. However, this will not work with multiple Cisco clients as they share the same services. It should work with Cisco and Watchguard. The Cisco service I believe is "Cisco" but the Watchguard is likely "SafeNet" or "SafeNet IKE" service.

>>"Ever see a list of which clients are compatible to other clients?"
No. Generally speaking clients that use the same protocol, such as these which both use IPSec, have issues.

A couple of ways around this are:
1) Set up one router/site to use PPTP, and the other to use IPSec. This way the clients do not overlap. You may not have control of those sites to do so.
2) Have you worked with Virtual PC or Virtual server? I run VMWare's virtual workstation on my PC. I then have different virtual machines running different VPN clients. You need some extra horsepower and XP licenses to do so, but it works very well.
http://www.vmware.com/products/ws/
MS Virtual PC is free and works well also:
http://www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx

0
 
raylabAuthor Commented:
You are correct.  We have little control (typically none) in the Server setup or selection.  For all general purposes we are a Service Vendor and have to work with whatever network environment our clients have already in place.

Virtual PCs may be a solution, I already have that in my list of options to test out...  The added licensing and maintenance costs are not all that attractive, but it may be the lesser of many evils.

Your explanations make good sense and confirm what I thought I understood before.  Being new to the VPN world and struggling to manage all the IT Admin responsibilities, I am a little behind the technologies...

Thanks.
0
 
Rob WilliamsCommented:
Very welcome Ray, and thank you.
Virtual is a good solution to a lot of things these days. I too manage many client configurations, and you are often stuck working with their current set ups such as VPN clients.
Virtual also gives you the ability to "take a snapshot" of an existing virtual PC, then test and create temporary configurations, and at the click of a "button" return to your original configuration.
Good luck with it.
Cheers !
--Rob
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now