JSTechinLA
asked on
replacement for Netscreen Remote VPN
Since Netscreen remote VPN software is at the end of life, and will not support Windows 7 I need to find a replacement product. I have a screen 5GT that is working fine and I don't want to replace the hardware but I need VPN connectivity to my WinServ 2003 machine.
The VPN features that I need most are drive mapping to the remote server folders so that my users can easily access the shared data. Netscreen worked great for this.....
Any suggestions greatly appreciated.
The VPN features that I need most are drive mapping to the remote server folders so that my users can easily access the shared data. Netscreen worked great for this.....
Any suggestions greatly appreciated.
Other known software vpn clients (like NCP Secure Client, Shrew Soft client, the Green Bow ipsec client) are all reported to give the same problems on the new Windows 7. The same happens with wireless internet usb sticks, the software is often incompatible with win7.
If you only need 1 user to access the 2003 server through a vpn-tunnel, you could buy a second-hand 5GT and create a lan2lan tunnel : in this way it doesn't matter if your pc already runs Win7.
If you have many remote-vpn users i'm afraid you will have to migrate to a new solution over time. A client-less ssl-vpn solution would be a step forward.
If you only need 1 user to access the 2003 server through a vpn-tunnel, you could buy a second-hand 5GT and create a lan2lan tunnel : in this way it doesn't matter if your pc already runs Win7.
If you have many remote-vpn users i'm afraid you will have to migrate to a new solution over time. A client-less ssl-vpn solution would be a step forward.
Id recommend a SonicWALL SSL-VPN 2000, this device gives you the option to configure network paths by user permission, and web based VPN one click installs.
I am having very good success using Shrew Soft VPN Client. (www.shrew.net). It's free and I've been using it with multiple Juniper/Netscreen firewall models. I found this client because I was in the same situation as you... EOL of Netscreen Remote and newly installed Windows 7 machines.
ASKER
srapport-
Shrew looks like what I need. I currently authenticate using email address but I don't see that option for Shrew. Will I need to reconfigure my netscreen for a different policy type?
Shrew looks like what I need. I currently authenticate using email address but I don't see that option for Shrew. Will I need to reconfigure my netscreen for a different policy type?
You shouldn't have to reconfig the Netscreen. In the Shrew client, set the Local Identity to User Fully Qualified Domain Name and enter the email address as it is set up in the Netscreen in this field.
ASKER
Ok, now it is asking for a "Valid Certificate file name" I think it just wants to save this configuration, but I can't find any tab that will let me enter this information.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Looks good. It will just take a lot of configuring. VPN's are not my strong suit.
Just make sure you match the phase 1, phase 2, and policy settings on both sides. Some of the terminology may be slightly different between the Netscreen and Shrew settings, but the link I provided should give you a pretty good idea of where to match the settings on the client side.
Hi Guys,
I have managed to get around this -
Make sure you disable any other VPN that is running or set it to manual
Make sure the local administrator account is enabled
Restart and login with this account (Administrator)
Turn off UAC
Now change the compatible mode of the setup.exe
Change the settings for all users - to run as administrator and choose the option for XP - SP3
Now install and restart.
Now import any certificate that is require etc
By default the Safenet IKE service will not start - so go to services.msc and start the service.
Enjoy/
I have managed to get around this -
Make sure you disable any other VPN that is running or set it to manual
Make sure the local administrator account is enabled
Restart and login with this account (Administrator)
Turn off UAC
Now change the compatible mode of the setup.exe
Change the settings for all users - to run as administrator and choose the option for XP - SP3
Now install and restart.
Now import any certificate that is require etc
By default the Safenet IKE service will not start - so go to services.msc and start the service.
Enjoy/
Justin