Windows 7 and multiple VPNs

Posted on 2010-11-22
Last Modified: 2012-05-10
I have a client that serves a large number of offsite issues for their clients using various VPNs. I cannot dictate what VPN clients they can use nor best practice models. Some of the VPN clients are old Citrix, some are Cisco, some are Sonicwall, just any flavor really. In total there are 11 stations, each configured with 15 VPN clients; invariably, using one breaks another. The desktop client is XP. Some of the VPN clients that don't play nicely together are isolated in a "kiosk" type scenario. Today I need to bring these stations up to date with Windows 7; most of these VPN clients don't work on 7 at all. The IT director does not want to use VMs to achieve the desired end result. I am seriously at a loss relating to advancing with this task.
Question by: microcomputers
LVL 69

Assisted Solution

Qlemo earned 500 total points
ID: 34190202
One idea is to use a single VPN client which is able to connect to different device types, like the free ShrewSoft VPN client or the commercial NCP. Both work on W7 (x64 and x86), and can replace Cisco and several more. Shrew does not support Sonicwall, and I don't know that for NCP.

In any case you will be able to cover only some of the VPNs. Citrix needs to be on its own, Check Point, and some others; I really would let those run with XP in Kiosk mode.

What I have done to support as many clients as possible is to try to let them run in router mode, and kick the connection by batch. Cisco VPN allows for that, if it does not block local network address. Some VPNs do not use a visible NIC, so they are not routable (Shrew is one of them). You can see how I did that in my article

Author Comment

ID: 34190333
Most interesting approach. I could ostensibly reach the lion's share of these clients using such a tool, and then those that require isolation can be identified and separated from the rest... most interesting approach. Shrew Soft does look like a promising tool. I will need to test it myself.

Author Comment

ID: 34234238
Well, I attempted this approach and more information was revealed to me as I began to chase this dog. The biggest offenders are Citrix clients. We have about 15 different VPN clients; of them, 6 are Citrix. Some of these Citrix installs are very old clients, and the newer clients break the older ones. Is there any way to isolate these installs so they can exist together on the same box?
LVL 69

Accepted Solution

Qlemo earned 500 total points
ID: 34234494
Never tried that (never had to). I had only used ICA up to now, no VPN of Citrix. As far as it is documented, Citrix uses a net shim located in NDIS (written by Net6) to remap ports and addresses to local addresses, and encrypt that via SSL. That does not allow for different versions of SSL VPN, nor for other (IPSec) VPN clients. The latter is nothing new; it is the same with many VPN clients. What really surprises me is that a newer SSL version does not work with older gateways. Bad design, if you ask me.

The only way to accomplish "coexistence" of such [censored] VPN clients is to use separate VMs for each release, e.g. with Xen (which would allow for a "low profile" solution, using the OS code for more than one machine). However, since those SSL VPNs are not routable, you need to run the SSLs in an RDP session. Bit clumsy, but I can't imagine anything else working here.
LVL 69

Expert Comment

ID: 34869536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.

Question has a verified solution.
