Windows 7 and multiple VPNs

Posted on 2010-11-22
Last Modified: 2012-05-10
I have a client that serves a large number of offsite issues for their clients using various VPNs, I cannot dictate what VPN clients they can use nor best practice models. Some of the VPN clients are old citrix, some are cisco, some are Sonicwall, just any flavor really. In total ther are 11 stations each configured with 15 VPN clients, invariably using one, breaks another, the desktop client is XP. Some of the VPN clients that dont play nicely together are isolated in a "kiosk" type scenario. Today I need to bring these stations up to date with windows 7, most of these vpn clients dont work on 7 at all. The IT director does not want to use VMs to acheive the desired end result. I am seriously at a loss relating to advancing with this task.
Question by:microcomputers
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
LVL 69

Assisted Solution

Qlemo earned 500 total points
ID: 34190202
One idea is to use a single VPN client which is able to connect to different device types, like the free ShrewSoft VPN client or the commercial NCP. Both work on W7 (x64 and x86), and can replace Cisco and several more. Shrew does not support Sonicwall, and I don't know that for NCP.

In any case you will be able to cover only some of the VPNs. Citrix needs to be on its own, Check Point, and some others; I really would let those run with XP in Kiosk mode.

What I have done to support as much clients as possible is to try to let them run in router mode, and kick the connection by batch. Cisco VPN allows for that, if it does not block local network address. Some VPNs do not use a visible NIC, so they are not routable (Shrew is one of them). You can see how I did that in my article

Author Comment

ID: 34190333
Most interesting approach, I could ostensibly reach the lions share of these clients using such a tool and then those that require isolation can be identified and seperated from the rest...most interesting approach. Shrew soft does look like a promising tool. I will need to test it myself..

Author Comment

ID: 34234238
Well I attempted this approach and more information was revealed to me as I began to chase this dog. The biggest offenders are Citrix clients. We have about 15 different VPN clients of them 6 are citrix, some of these citrix installs are very old clients and the newer clients break the older ones. Is there anyway to isolate these installs so they can exist together on the same box??
LVL 69

Accepted Solution

Qlemo earned 500 total points
ID: 34234494
Never tried that (never had to). I had only used ICA up to know, no VPN of Citrix. As far as it is documented, Citrix uses a net shim located in NDIS (written by Net6) to remap ports and addresses to local addresses, and encrypt that via SSL. That does not allow for different versions of SSL VPN, nor for other (IPSec) VPN clients. The latter is nothing new, it is the same with many VPN Clients. What really surprises me is that a newer SSL version does not work with older gateways. Bad design, if you ask me.

The only way to accomplish "coexistence" of such [censored] VPN clients is to use separate VMs for each release, e.g. with Xen (which would allow for a "low profile" solution, using the OS code for more than one machine). However, since that SSL VPNs are not routable, you need to run the SSLs in a RDP session. Bit clumsy, but I can't imagine anything else working here.
LVL 69

Expert Comment

ID: 34869536
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What windows 10 VPN choice is equal to HTTPS/SSL based VPN? 1 54
VPN Access to Network 4 41
New office setup 2 31
SSL-VPN 1 51
I've had to do a bit of research to setup my VPN connection so that Clients can access Windows Server 2008 network shares.  I have a Cisco ASA 5510 firewall.  I found an article which was extremely useful: It had a solution if you use ASDM to config…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question