Solved

VPN Blocked by hotels

Posted on 2011-09-18
12
766 Views
Last Modified: 2012-05-12
Several execs have provided feedback that they are unable to connect to our VPN (ISA server) but can connect to my Sharepoint server (Portal access) through the same server. Is there a workaround that will allow them to create a VPN connection? Is there an entry in the hosts file that would work around the block?

Thanks
0
Comment
Question by:gwg80
12 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 36557491
I have seen that it's not VPN being blocked, but the subnet that the hotel is using matches the office vpn subnet and the routes get all screwy.  

You should confirm what the exec IP and subnet is when at the hotel.  If this is the case I think the patron can request a public address.

0
 
LVL 93

Expert Comment

by:John Hurst
ID: 36557507
I have seen that. Many (not all) Hotels will accommodate the user by providing VPN capable service for a fee. If that is available, that is the easisst approach and I have done that.

I run into enough issues that I accommodate myself by having a 3G USB Internet Key that works most anywhere in my Country. That is the best, but not the cheapest, solution.

If it is merely subnet, the user must have administrative authority to change the hosts file. But I usually find the hotels block VPN in order to obtain a fee for its use.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36559704
There are additional issues this user is having - related or not. User has 2 laptops.
1) From certain networks (not all) cannot authenticate in Sharepoint nor authenticate on the Vpn
2) On one laptop has issues with outlook 2007 continually asking for a password when on these unfriendly networks. New laptop has Outlook 2010, which seems to be able to maintain a connection.

Suggestions please.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:gwg80
ID: 36593803
Rethink. Created an IPsec with IKE on my Netvanta firewall - workaround for this issue. However in testing - there is latency in accessing Sharepoint in explorer view (WebDav). This latency is not present in PPTP VPN connection.
From what I can see - IPSEC is only for site-to-site in ISA server. Does anyone of a workaround to enable IPSEC VPN using IKE with an external client - like Shrewsoft?
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 36593812
Shrewsoft will work with most connections. It may or may not work with 3G or some hotel sites. NCP Secure Entry (www.ncp-e.com) will work through 3G (I use it this way) plus work through nearly any network. I have not had NCP fail to connect or transmit data in my usage. It also is a fast as any client application I have used.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593843
Correct. However there is an issue of latency with the WebDav function in Sharepoint through the client. Most probably because of the IPSEC Ike setup. PPTP VPN has no such latency - probably because of the integration to the domain. I am pretty sure this latency would still be there through ISA server but looking for second or more opinions. Best way to test is try it - if it can be done.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 36593855
Shrewsoft is free (so trial is no issue) and NCP Secure Entry has a 30 day trial. You can try both in a variety of circumstances.  NCP Secure Entry also supports PPTP VPN, so that you can try that route as well.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593901
PPTP VPN is the original issue blocked by many public access. Need IPsec using IKE - through ISA Server or possibly WIN Server 2008
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 36594123
NCP Secure Entry supports both, so try IKE and see how performance is. But if IKE works, the NCP version of PPTP may work as well.  

And then, after all, don't forget it may be a hotel issue. Try and see as it won't cost anything except some time.
... Thinkpads_User
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 36891746
Higher latency with IPSec VPN can origin from having a smaller MTU, causing unnecessary fragmentation, and choosing an inappropriate (time- and resouce-hogging) encryption. AES is faster in most cases as 3DES, for example, and a smaller "key length" (128 bits versus 256 bits) allows for less overhead for both calculation power and bandwidth.
That might explain the additional WebDAV lag or not. But a detail is confusing me - you told us the SharePoint connection works even if the PPTP VPN does not - you do not compare that non-PPTP connection with the IPSec connection, hopefully?
0
 

Author Comment

by:gwg80
ID: 36894989
No that is not what we are comparing. I will play with the settings. Thanks for your input on that last point.
0
 

Author Closing Comment

by:gwg80
ID: 36896290
Shrewsoft client worked as workaround. Final comment was the info missing for client.
Thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question