Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VPN Blocked by hotels

Posted on 2011-09-18
12
Medium Priority
?
836 Views
Last Modified: 2012-05-12
Several execs have provided feedback that they are unable to connect to our VPN (ISA server) but can connect to my Sharepoint server (Portal access) through the same server. Is there a workaround that will allow them to create a VPN connection? Is there an entry in the hosts file that would work around the block?

Thanks
0
Comment
Question by:gwg80
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 23

Expert Comment

by:yo_bee
ID: 36557491
I have seen that it's not VPN being blocked, but the subnet that the hotel is using matches the office vpn subnet and the routes get all screwy.  

You should confirm what the exec IP and subnet is when at the hotel.  If this is the case I think the patron can request a public address.

0
 
LVL 98

Expert Comment

by:John Hurst
ID: 36557507
I have seen that. Many (not all) Hotels will accommodate the user by providing VPN capable service for a fee. If that is available, that is the easisst approach and I have done that.

I run into enough issues that I accommodate myself by having a 3G USB Internet Key that works most anywhere in my Country. That is the best, but not the cheapest, solution.

If it is merely subnet, the user must have administrative authority to change the hosts file. But I usually find the hotels block VPN in order to obtain a fee for its use.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36559704
There are additional issues this user is having - related or not. User has 2 laptops.
1) From certain networks (not all) cannot authenticate in Sharepoint nor authenticate on the Vpn
2) On one laptop has issues with outlook 2007 continually asking for a password when on these unfriendly networks. New laptop has Outlook 2010, which seems to be able to maintain a connection.

Suggestions please.
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 

Author Comment

by:gwg80
ID: 36593803
Rethink. Created an IPsec with IKE on my Netvanta firewall - workaround for this issue. However in testing - there is latency in accessing Sharepoint in explorer view (WebDav). This latency is not present in PPTP VPN connection.
From what I can see - IPSEC is only for site-to-site in ISA server. Does anyone of a workaround to enable IPSEC VPN using IKE with an external client - like Shrewsoft?
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 36593812
Shrewsoft will work with most connections. It may or may not work with 3G or some hotel sites. NCP Secure Entry (www.ncp-e.com) will work through 3G (I use it this way) plus work through nearly any network. I have not had NCP fail to connect or transmit data in my usage. It also is a fast as any client application I have used.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593843
Correct. However there is an issue of latency with the WebDav function in Sharepoint through the client. Most probably because of the IPSEC Ike setup. PPTP VPN has no such latency - probably because of the integration to the domain. I am pretty sure this latency would still be there through ISA server but looking for second or more opinions. Best way to test is try it - if it can be done.
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 36593855
Shrewsoft is free (so trial is no issue) and NCP Secure Entry has a 30 day trial. You can try both in a variety of circumstances.  NCP Secure Entry also supports PPTP VPN, so that you can try that route as well.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593901
PPTP VPN is the original issue blocked by many public access. Need IPsec using IKE - through ISA Server or possibly WIN Server 2008
0
 
LVL 98

Expert Comment

by:John Hurst
ID: 36594123
NCP Secure Entry supports both, so try IKE and see how performance is. But if IKE works, the NCP version of PPTP may work as well.  

And then, after all, don't forget it may be a hotel issue. Try and see as it won't cost anything except some time.
... Thinkpads_User
0
 
LVL 71

Accepted Solution

by:
Qlemo earned 1500 total points
ID: 36891746
Higher latency with IPSec VPN can origin from having a smaller MTU, causing unnecessary fragmentation, and choosing an inappropriate (time- and resouce-hogging) encryption. AES is faster in most cases as 3DES, for example, and a smaller "key length" (128 bits versus 256 bits) allows for less overhead for both calculation power and bandwidth.
That might explain the additional WebDAV lag or not. But a detail is confusing me - you told us the SharePoint connection works even if the PPTP VPN does not - you do not compare that non-PPTP connection with the IPSec connection, hopefully?
0
 

Author Comment

by:gwg80
ID: 36894989
No that is not what we are comparing. I will play with the settings. Thanks for your input on that last point.
0
 

Author Closing Comment

by:gwg80
ID: 36896290
Shrewsoft client worked as workaround. Final comment was the info missing for client.
Thanks
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've written this article to illustrate how we can implement a Dynamic Multipoint VPN (DMVPN) with both hub and spokes having a dynamically assigned non-broadcast multiple-access (NBMA) network IP (public IP). Here is the basic setup of DMVPN Pha…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question