  • Status: Solved

What's the Best VPN Solution for Windows 7 and a Juniper 5GT on SBS 2003?

We have a Windows SBS 2003 server behind a Juniper 5GT Firewall / Router.  We've been using the Juniper Remote VPN client for our out of office XP computers.   I tried to get the upgrade to this but apparently Juniper has discontinued this product.   Since our remote users want to access shared folders we've configured the VPN client to pass through the DNS.

We now have our first Windows 7 laptop.   I need to find a VPN solution.   I've spent a few hours trying to get the Windows VPN client to work through the Juniper router but there appear to be issues with the ability to pass PPTP through the Juniper 5GT.   I am getting Error 800 which isn't telling me much.

Would I be better off going with some sort of a third party VPN client?   If so, what?   Whatever solution I use, I need to be able to allow the remote users to browse the server's folders through the mapped drives that they use in the office.
Asked by: kdubendorf
2 Solutions
 
Rory de Leur, Consultant End-User Computing, commented:
The Netscreen GT5 is IPSec compliant, so the Greenbow client will work.
- http://www.thegreenbow.com/vpn_down.html
 
John Hurst, Business Consultant (Owner), commented:
I use the NCP Secure Entry client for that same 5GT firewall. I am using a Windows 7 Pro 64-bit machine and the NCP client works great. It also works through double NAT type arrangements found in some hotels and with some cellular modems (like my rocket USB stick).  ... Thinkpads_User
 
kdubendorf, Author, commented:
What do you recommend for documentation on configuring the 5 GT to work with these clients? Will they allow me to configure it so it brings the DNS to the client so that I can search the shared folders?
 
John Hurst, Business Consultant (Owner), commented:
I use an entry in the local HOSTS file to permit access to shared folders. That works fine. I have not tried bringing DNS to the client, but in terms of tunnel traffic, the NCP client works basically the same as the Netscreen client. .... Thinkpads_User
 
Qlemo, Developer, commented:
Regarding PPTP passthru: That can be a real PITA. To get it to work, you need to switch on the PPTP ALG, and allow for ingress PPTP and GRE (protocol 47) traffic.
Error 800 is one of several telling you that something does not work :D. It is really unspecific, as most of the PPTP/GRE related messages, but you can count on it being a NAT & GRE issue.

Since there are so many issues with PPTP, I agree you should not use it. But W7 should be able to establish an IPSec connection to 5GT, if you have a ScreenOS 6.x which allows for IKEv2 (you can check that in the IKE config page of your 5GT).
I highly recommend using the free ShrewSoft VPN (www.shrew.net). The Wiki provides you with tutorials for many devices, including NetScreen. I'm using it myself against Cisco and Juniper SSG.
It has a split-DNS service, which allows for DNS requests to be forwarded conditionally. You need to provide the fully qualified name (pc.domain.local or similar) if you want to take advantage of DNS, so it is more convenient to set up a local hosts and/or remote WINS server; both allow for alias or simple name usage instead of the FQDN.


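Added example (not part of the thread and not ShrewSoft's code): a simplified model of the conditional forwarding described in the answer above, showing why a short name misses the tunnel DNS while an FQDN or a hosts entry resolves inside the VPN. The host names, the `domain.local` suffix, the address and the hosts-then-suffix lookup order are assumptions made for illustration.

```python
# Simplified model of client-side name resolution with a split-DNS VPN.
# All names, suffixes and addresses below are constructed for illustration.

def parse_hosts(text):
    """Parse hosts-file text into {lowercased name: ip}; first entry wins."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def matches_suffix(name, suffix):
    """True only on a whole-label match: 'domain.local' or '*.domain.local'."""
    return name == suffix or name.endswith("." + suffix)

def route_query(name, hosts, split_suffixes):
    """Return (resolver, detail) describing who would answer the lookup."""
    name = name.rstrip(".").lower()
    if name in hosts:
        return ("hosts", hosts[name])
    for suffix in split_suffixes:
        if matches_suffix(name, suffix.lower()):
            return ("tunnel-dns", suffix)
    # Short names and foreign domains never match a split-DNS suffix,
    # so they go to whatever resolver the local network hands out.
    return ("local-dns", None)

SAMPLE_HOSTS = """\
# constructed sample entries
192.168.16.2   sbs01 sbs01.domain.local   # file server
"""
SPLIT_SUFFIXES = ["domain.local"]

def demo():
    hosts = parse_hosts(SAMPLE_HOSTS)
    names = ["sbs01", "pc.domain.local", "pc",
             "www.example.com", "evildomain.local"]
    return {n: route_query(n, hosts, SPLIT_SUFFIXES)[0] for n in names}

if __name__ == "__main__":
    for name, resolver in demo().items():
        print(f"{name:20} -> {resolver}")
```

The `evildomain.local` case shows why the suffix test must match on a label boundary: a plain string-suffix comparison would send that lookup to the internal DNS server.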
 
kdubendorf, Author, commented:
Qlemo, I actually came across the Shrew VPN this morning and have followed their instructions. I'm very close to getting it to work. I can ping the trust side of the router but can't ping anything else in the network. I've posted a separate question on that. Looks like Shrew is a good way to go.
 
Qlemo, Developer, commented:
I assume you want to leave this question open for getting more suggestions and tips then.
 
John Hurst, Business Consultant (Owner), commented:
I have seen posts with difficulty around Shrew. It does not work in all circumstances. Try the free trial for NCP (ncp-e.com) and see if it works. It does cover all the bases for me. ... Thinkpads_User
 
Qlemo, Developer, commented:
As long as you do not have issues with Shrew, there is no reason to try something else, which you have to pay for at the end. Yes, there are issues, but that is true for *any* VPN client, and ShrewSoft VPN is evolving.
 
kdubendorf, Author, commented:
Thinkpads, one comment about your host entry. I tried that for a while but found it to be unreliable for drive mapping in the Windows environment. The XAuth feature in Juniper allows you to bring down the host DNS and WINS servers. That eliminates the problem entirely. I would advise that you stay away from host entries in a Windows networking environment.
 
John Hurst, Business Consultant (Owner), commented:
I have been using HOSTS file entries across multiple clients with Juniper boxes and Netscreen Remote, SafeNet SoftRemote and with NCP. It has worked perfectly for over half a decade. So maybe my Netscreen boxes are set up differently.

You can probably still do it the way you are with NCP as well. ... Thinkpads_User