Recommendation for Small Business VPN

Posted on 2007-11-30
Last Modified: 2013-11-16
Here is an overview of our company structure:

25 employees (with more to come)
10-15 could be off-site at any time (with more to come)

We currently run 1 server with Windows Server 2003 SBS. Our current VPN solution is a Watchguard Firebox x700. However, we're having a lot of issues with it.

1) I haven't been able to get Windows authentication to work with it. So we're currently using the built-in proprietary authentication. It'd be a lot easier to manage the users if I could simply have a security group that contains which users can connect remotely.

2) Users aren't able to easily use mapped drives/network shares. Once they connect to the VPN (Mobile User VPN is the client software), they have to use shortcut folders that reference the server by IP rather than server name. For some reason, it'll connect with the IP, but not the name.

3) Our users seem to get disconnected at the same time every day. Right around 4:30pm, they get disconnected and have issues trying to reconnect.

I've spoken with support for all 3 of these issues and haven't made much headway at all. Needless to say, we're incredibly frustrated with this product.

What I need are some suggestions to replace this device. It is currently operating as a router, VPN, and firewall. Software and hardware solutions are both welcome. I've been looking into Citrix Access Essentials, but that's obviously quite expensive compared to a hardware solution.

So the short story: I need a VPN solution that is reliable and can easily handle Windows Authentication and will allow users to access network shares without having to jump through hoops.

Any help is appreciated, thanks!
Derek
Question by:derekkromm
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 20383205
>>"I need a VPN solution that is reliable and can easily handle Windows Authentication and will allow users to access network shares without having to jump through hoops."

Though my preference would be the Watchguard MUVPN, to answer your question, use the SBS built-in VPN service. It's easy to configure, deploy, and administer, uses Windows authentication, and will easily allow you to map drives/shares. If the computers are members of the domain, the logon box (Ctrl+Alt+Del) will have an option to connect using dial-up connection. Check that and the VPN will be an alternative. This way the VPN connects before logon and group policy can be applied and logon scripts run to automatically map drives.
http://www.lan-2-wan.com/SBS-VPN-instr.htm
0
 
LVL 15

Author Comment

by:derekkromm
ID: 20383266
Do you know of any huge benefits to using the Watchguard as opposed to the SBS VPN service? Basically, why is it your preference?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20383356
A hardware VPN solution, in general or in theory, will provide a little better security as it is a perimeter device and uses IPSec rather than PPTP, and should give slight performance improvements where it is a device dedicated to encryption and decryption. The other point is that it is more difficult for an unauthorized user to set up a client. The Windows client is built in and just requires connection and user information. Sometimes users share their passwords. Watchguard requires access to the config file, which can be secured.

However, with less than 25 users I would think the benefits would outweigh the above considerations. At least you can test it without any hardware expenses.
0
 
LVL 15

Author Comment

by:derekkromm
ID: 20383552
Ya, I plan on testing it out over the next month to see how it goes. The cost (or lack thereof) is definitely a huge benefit.

Have you ever run into any of the problems I currently have w/ the Watchguard? Do you have any suggestions on how I could potentially fix them? I, too, would prefer a hardware solution if we are able to correct these issues.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20383690
I haven't used Windows authentication with Watchguards. It wasn't an option, as I recall, on the less expensive SOHOs I used. However, most will let you use a Windows RADIUS server for authentication. In the RADIUS server policies you can allow members of a named group access. This way you simply have to add your new users to that group to give them access. User profile under Dial-In has to be checked appropriately (Control Access through Remote Access Policy). You may be doing this now.

As for name resolution, that is a problem. The simplest and most dependable method is to put a little batch file on the user's desktop. After connecting the VPN, click on the batch file to map drives by IP.
If you can, another alternative is to add the primary site's DNS server to the MUVPN client. Then you should also change the binding order of the VPN adapters to make the VPN first. This is done in Control Panel | Network Connections | on the menu bar choose Advanced | Advanced Settings | Adapters and binding order. If the VPN adapter is not present, you need to open the VPN security policy editor and on the "My Identity" tab of the policy select virtual adapter required. Then re-boot the PC.

As for the 4:30 problem, that is bizarre. That sounds like an ISP problem or a power glitch. Is the router on a UPS? How long does it last, i.e., can they reconnect right away?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20383718
One other possibility for name resolution is to use NetBIOS names. NetBIOS broadcasts don't work over a VPN, but you can add the remote servers/PCs and IPs to the client LMHosts file. If you are not familiar with Hosts/LMHosts files let me know.
0
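The desktop batch file and the LMHosts entry suggested in the two replies above could look like the following; this is an added example, not something posted by anyone in the thread. The server IP, server name, share names and drive letters are constructed placeholders.

```bat
@echo off
rem Added example; SERVER_IP, SERVER_NAME and the share names are
rem constructed placeholders, not values from the thread.
setlocal
set SERVER_IP=192.0.2.10
set SERVER_NAME=SBS01

rem Optional LMHOSTS entry (%SystemRoot%\System32\drivers\etc\lmhosts),
rem added once by an administrator and reloaded with "nbtstat -R":
rem     192.0.2.10    SBS01    #PRE

rem 1. Confirm the tunnel is up. ping can return 0 on "unreachable"
rem    replies, so look for TTL= in the output instead.
ping -n 2 -w 2000 %SERVER_IP% | find "TTL=" >nul
if errorlevel 1 (
    echo No reply from %SERVER_IP%. Connect the VPN first.
    exit /b 1
)

rem 2. Use the name if it resolves (DNS or LMHOSTS), else the IP.
set TARGET=%SERVER_NAME%
ping -n 1 -w 2000 %SERVER_NAME% | find "TTL=" >nul
if errorlevel 1 set TARGET=%SERVER_IP%

rem 3. Remove stale mappings, then map. No /user: or password is given:
rem    net use prompts if needed, so no secret is stored in this file.
rem    /persistent:no keeps Windows from retrying the share off-VPN.
for %%D in (S: P:) do net use %%D /delete /y >nul 2>&1
net use S: \\%TARGET%\Shared /persistent:no || goto failed
net use P: \\%TARGET%\Projects /persistent:no || goto failed
echo Drives mapped via %TARGET%.
exit /b 0

:failed
echo Mapping failed. Check credentials and that the VPN is still up.
exit /b 1
```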
 
LVL 15

Author Closing Comment

by:derekkromm
ID: 31411942
Thanks a ton!!! Very helpful :)
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 20384624
Very welcome Derek, Thank you.
Cheers !
--Rob
0
