Recommendation for Small Business VPN

Posted on 2007-11-30
Medium Priority
Last Modified: 2013-11-16
Here is an overview of our company structure:

25 employees (with more to come)
10-15 could be off-site at any time (with more to come)

We currently run 1 server with Windows Server 2003 SBS. Our current VPN solution is a Watchguard Firebox x700. However, we're having a lot of issues with it.

1) I haven't been able to get Windows authentication to work with it. So we're currently using the built-in proprietary authentication. It'd be a lot easier to manage the users if I could simply have a security group that contains which users can connect remotely.

2) Users aren't able to easily use mapped drives/network shares. Once they connect to the VPN (Mobile User VPN is the client software), they have to use shortcut folders that reference the server by IP rather than server name. For some reason, it'll connect with the IP, but not the name.

3) Our users seem to get disconnected at the same time every day. Right around 4:30pm, they get disconnected and have issues trying to reconnect.

I've spoken with support for all 3 of these issues and haven't made much headway at all. Needless to say, we're incredibly frustrated with this product.

What I need are some suggestions to replace this device. It is currently operating as a router, VPN, and firewall. Software and hardware solutions are both welcome. I've been looking into Citrix Access Essentials, but that's obviously quite expensive compared to a hardware solution.

So the short story: I need a VPN solution that is reliable and can easily handle Windows Authentication and will allow users to access network shares without having to jump through hoops.

Any help is appreciated, thanks!
Question by:derekkromm
LVL 77

Accepted Solution

Rob Williams earned 2000 total points
ID: 20383205
>>"I need a VPN solution that is reliable and can easily handle Windows Authentication and will allow users to access network shares without having to jump through hoops."

Though my preference would be the Watchguard MUVPN, to answer your question, use the SBS built-in VPN service. It's easy to configure, deploy, and administer, uses Windows authentication, and will easily allow you to map drives/shares. If the computers are members of the domain, the logon box (ctrl+alt+del) will have an option to connect using dial-up connection. Check that and the VPN will be an alternative. This way the VPN connects before logon and group policy can be applied and logon scripts run to automatically map drives.
LVL 15

Author Comment

ID: 20383266
Do you know of any huge benefits to using the Watchguard as opposed to the SBS VPN service? Basically, why is it your preference?
LVL 77

Expert Comment

by:Rob Williams
ID: 20383356
A hardware VPN solution, in general or in theory, will provide a little better security as it is a perimeter device and uses IPSec rather than PPTP, and should give slight performance improvements where it is a device dedicated to encryption and decryption. The other point is it is more difficult for an unauthorized user to set up a client. Windows client is built in and just requires connection and user information. Sometimes users share their passwords. Watchguard requires access to the config file which can be secured.

However, with less than 25 users I would think the benefits would outweigh the above considerations. At least you can test it without any hardware expenses.
LVL 15

Author Comment

ID: 20383552
Ya, I plan on testing it out over the next month to see how it goes. The cost (or lack thereof) is definitely a huge benefit.

Have you ever run into any of the problems I currently have w/ the Watchguard? Do you have any suggestions on how I could potentially fix them? I, too, would prefer a hardware solution if we are able to correct these issues.
LVL 77

Expert Comment

by:Rob Williams
ID: 20383690
I haven't used Windows authentication with Watchguards. It wasn't an option as I recall on the less expensive SOHOs I used. However, most will let you use a Windows RADIUS server for authentication. In the RADIUS server policies you can allow members of a named group access. This way you simply have to add your new users to that group to give them access. User profile under Dial-In has to be checked appropriately (Control Access through Remote Access Policy). You may be doing this now.

As for name resolution that is a problem. Simplest and most dependable method is to put a little batch file on the user's desktop. After connecting the VPN click on the batch file to map drives by IP.
If you can, another alternative is to add the primary site's DNS server to the MUVPN client. Then you should also change the binding order of the VPN adapters to make the VPN first. This is done in Control Panel | Network Connections | on the menu bar choose Advanced | Advanced Settings | Adapters and binding order. If the VPN adapter is not present you need to open the VPN security policy editor and on the "My Identity" tab of the policy select virtual adapter required. Then reboot the PC.

As for the 4:30 problem that is bizarre. That sounds like an ISP problem or a power glitch. Is the router on a UPS? How long does it last, i.e. can they reconnect right away?
LVL 77

Expert Comment

by:Rob Williams
ID: 20383718
One other possibility for name resolution is to use NetBIOS names. NetBIOS broadcasts don't work over a VPN, but you can add the remote servers/PCs and IPs to the client LMHosts file. If you are not familiar with Hosts/LMHosts files let me know.
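
A sketch of the desktop batch file and LMHOSTS fallback suggested in the two comments above, added here as an example and not posted by anyone in the thread. The server name `SBS01`, the address `192.168.16.2` and the share `Shared` are constructed placeholders.

```batch
@echo off
rem Added example, not from the thread. Constructed values: server name SBS01,
rem address 192.168.16.2 and share "Shared". Replace them with your own.
rem
rem Optional LMHOSTS entry (file: %SystemRoot%\System32\drivers\etc\lmhosts),
rem loaded into the NetBIOS name cache with "nbtstat -R":
rem     192.168.16.2    SBS01    #PRE
setlocal
set "SRV_NAME=SBS01"
set "SRV_IP=192.168.16.2"

rem 1. Confirm the tunnel is up before touching any drive letters.
rem    ping's exit code is unreliable, so look for a real echo reply (TTL=).
ping -n 2 -w 2000 %SRV_IP% | find "TTL=" >nul
if errorlevel 1 (
    echo VPN server %SRV_IP% is not reachable. Connect the VPN first.
    exit /b 1
)

rem 2. Prefer the name if it resolves (DNS or LMHOSTS), otherwise use the IP.
set "TARGET=%SRV_IP%"
ping -n 1 -w 2000 %SRV_NAME% | find "TTL=" >nul
if not errorlevel 1 set "TARGET=%SRV_NAME%"

rem 3. Drop any stale mapping, then map for this session only.
rem    No /user or password on the command line, so no credential is stored
rem    in a file on the desktop; /persistent:no avoids reconnect attempts
rem    at the next logon when the VPN is down.
net use S: /delete /y >nul 2>&1
net use S: \\%TARGET%\Shared /persistent:no
if errorlevel 1 exit /b 1
echo Mapped S: via %TARGET%
endlocal
```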
LVL 15

Author Closing Comment

ID: 31411942
Thanks a ton!!! Very helpful :)
LVL 77

Expert Comment

by:Rob Williams
ID: 20384624
Very welcome Derek, Thank you.
Cheers!
