Solved

Windows 7 and multiple VPNs

Posted on 2010-11-22
Medium Priority
623 Views
Last Modified: 2012-05-10
I have a client that serves a large number of offsite issues for their clients using various VPNs. I cannot dictate what VPN clients they can use, nor best-practice models. Some of the VPN clients are old Citrix, some are Cisco, some are Sonicwall, just any flavor really. In total there are 11 stations, each configured with 15 VPN clients; invariably, using one breaks another. The desktop client is XP. Some of the VPN clients that don't play nicely together are isolated in a "kiosk" type scenario. Today I need to bring these stations up to date with Windows 7; most of these VPN clients don't work on 7 at all. The IT director does not want to use VMs to achieve the desired end result. I am seriously at a loss relating to advancing with this task.
Question by:microcomputers
6 Comments
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 34190202
One idea is to use a single VPN client which is able to connect to different device types, like the free ShrewSoft VPN client or the commercial NCP. Both work on W7 (x64 and x86), and can replace Cisco and several more. Shrew does not support Sonicwall, and I don't know that for NCP.

In any case you will be able to cover only some of the VPNs. Citrix needs to be on its own, Check Point, and some others; I really would let those run with XP in Kiosk mode.

What I have done to support as many clients as possible is to try to let them run in router mode, and kick the connection by batch. Cisco VPN allows for that, if it does not block local network address. Some VPNs do not use a visible NIC, so they are not routable (Shrew is one of them). You can see how I did that in my article:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/A_350-Using-remote-client-connections-VPN-ISDN-PPTP-aso-for-routing-in-Windows.html
 

Author Comment

by:microcomputers
ID: 34190333
Most interesting approach. I could ostensibly reach the lion's share of these clients using such a tool, and then those that require isolation can be identified and separated from the rest... most interesting approach. Shrew soft does look like a promising tool. I will need to test it myself.
 

Author Comment

by:microcomputers
ID: 34234238
Well, I attempted this approach and more information was revealed to me as I began to chase this dog. The biggest offenders are Citrix clients. We have about 15 different VPN clients; of them, 6 are Citrix. Some of these Citrix installs are very old clients, and the newer clients break the older ones. Is there any way to isolate these installs so they can exist together on the same box?
 
LVL 70

Accepted Solution

by:Qlemo
Qlemo earned 2000 total points
ID: 34234494
Never tried that (never had to). I had only used ICA up to now, no VPN of Citrix. As far as it is documented, Citrix uses a net shim located in NDIS (written by Net6) to remap ports and addresses to local addresses, and encrypt that via SSL. That does not allow for different versions of SSL VPN, nor for other (IPSec) VPN clients. The latter is nothing new; it is the same with many VPN clients. What really surprises me is that a newer SSL version does not work with older gateways. Bad design, if you ask me.

The only way to accomplish "coexistence" of such [censored] VPN clients is to use separate VMs for each release, e.g. with Xen (which would allow for a "low profile" solution, using the OS code for more than one machine). However, since those SSL VPNs are not routable, you need to run the SSLs in an RDP session. Bit clumsy, but I can't imagine anything else working here.
 
LVL 70

Expert Comment

by:Qlemo
ID: 34869536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
