Solved

Windows 7 and multiple VPNs

Posted on 2010-11-22
6
598 Views
Last Modified: 2012-05-10
I have a client that serves a large number of offsite issues for their clients using various VPNs, I cannot dictate what VPN clients they can use nor best practice models. Some of the VPN clients are old citrix, some are cisco, some are Sonicwall, just any flavor really. In total ther are 11 stations each configured with 15 VPN clients, invariably using one, breaks another, the desktop client is XP. Some of the VPN clients that dont play nicely together are isolated in a "kiosk" type scenario. Today I need to bring these stations up to date with windows 7, most of these vpn clients dont work on 7 at all. The IT director does not want to use VMs to acheive the desired end result. I am seriously at a loss relating to advancing with this task.
0
Comment
Question by:microcomputers
  • 3
  • 2
6 Comments
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 500 total points
ID: 34190202
One idea is to use a single VPN client which is able to connect to different device types, like the free ShrewSoft VPN client or the commercial NCP. Both work on W7 (x64 and x86), and can replace Cisco and several more. Shrew does not support Sonicwall, and I don't know that for NCP.

In any case you will be able to cover only some of the VPNs. Citrix needs to be on its own, Check Point, and some others; I really would let those run with XP in Kiosk mode.

What I have done to support as much clients as possible is to try to let them run in router mode, and kick the connection by batch. Cisco VPN allows for that, if it does not block local network address. Some VPNs do not use a visible NIC, so they are not routable (Shrew is one of them). You can see how I did that in my article
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/A_350-Using-remote-client-connections-VPN-ISDN-PPTP-aso-for-routing-in-Windows.html
0
 

Author Comment

by:microcomputers
ID: 34190333
Most interesting approach, I could ostensibly reach the lions share of these clients using such a tool and then those that require isolation can be identified and seperated from the rest...most interesting approach. Shrew soft does look like a promising tool. I will need to test it myself..
0
 

Author Comment

by:microcomputers
ID: 34234238
Well I attempted this approach and more information was revealed to me as I began to chase this dog. The biggest offenders are Citrix clients. We have about 15 different VPN clients of them 6 are citrix, some of these citrix installs are very old clients and the newer clients break the older ones. Is there anyway to isolate these installs so they can exist together on the same box??
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 34234494
Never tried that (never had to). I had only used ICA up to know, no VPN of Citrix. As far as it is documented, Citrix uses a net shim located in NDIS (written by Net6) to remap ports and addresses to local addresses, and encrypt that via SSL. That does not allow for different versions of SSL VPN, nor for other (IPSec) VPN clients. The latter is nothing new, it is the same with many VPN Clients. What really surprises me is that a newer SSL version does not work with older gateways. Bad design, if you ask me.

The only way to accomplish "coexistence" of such [censored] VPN clients is to use separate VMs for each release, e.g. with Xen (which would allow for a "low profile" solution, using the OS code for more than one machine). However, since that SSL VPNs are not routable, you need to run the SSLs in a RDP session. Bit clumsy, but I can't imagine anything else working here.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 34869536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Sonicwall site to site VPN 10 66
AnyConnect 3 59
Host to host VPN issue 1 43
Printer locally over VPN 2 54
When you connect to your workplace's VPN, you may not notice that you are using your workplace's servers to serve up webpages.  This might be undesirable since the workplace can log all the places you've been.  It also might be very slow to load pag…
Using Windows 2008 RRAS, I was able to successfully VPN into the network, but I was having problems restricting my test user from accessing certain things on the network.  I used Google in order to try to find out how to stop people from accessing c…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now