Solved

VPN Blocked by hotels

Posted on 2011-09-18
12
756 Views
Last Modified: 2012-05-12
Several execs have provided feedback that they are unable to connect to our VPN (ISA server) but can connect to my Sharepoint server (Portal access) through the same server. Is there a workaround that will allow them to create a VPN connection? Is there an entry in the hosts file that would work around the block?

Thanks
0
Comment
Question by:gwg80
12 Comments
 
LVL 21

Expert Comment

by:yo_bee
ID: 36557491
I have seen that it's not VPN being blocked, but the subnet that the hotel is using matches the office vpn subnet and the routes get all screwy.  

You should confirm what the exec IP and subnet is when at the hotel.  If this is the case I think the patron can request a public address.

0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36557507
I have seen that. Many (not all) Hotels will accommodate the user by providing VPN capable service for a fee. If that is available, that is the easisst approach and I have done that.

I run into enough issues that I accommodate myself by having a 3G USB Internet Key that works most anywhere in my Country. That is the best, but not the cheapest, solution.

If it is merely subnet, the user must have administrative authority to change the hosts file. But I usually find the hotels block VPN in order to obtain a fee for its use.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36559704
There are additional issues this user is having - related or not. User has 2 laptops.
1) From certain networks (not all) cannot authenticate in Sharepoint nor authenticate on the Vpn
2) On one laptop has issues with outlook 2007 continually asking for a password when on these unfriendly networks. New laptop has Outlook 2010, which seems to be able to maintain a connection.

Suggestions please.
0
 

Author Comment

by:gwg80
ID: 36593803
Rethink. Created an IPsec with IKE on my Netvanta firewall - workaround for this issue. However in testing - there is latency in accessing Sharepoint in explorer view (WebDav). This latency is not present in PPTP VPN connection.
From what I can see - IPSEC is only for site-to-site in ISA server. Does anyone of a workaround to enable IPSEC VPN using IKE with an external client - like Shrewsoft?
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36593812
Shrewsoft will work with most connections. It may or may not work with 3G or some hotel sites. NCP Secure Entry (www.ncp-e.com) will work through 3G (I use it this way) plus work through nearly any network. I have not had NCP fail to connect or transmit data in my usage. It also is a fast as any client application I have used.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593843
Correct. However there is an issue of latency with the WebDav function in Sharepoint through the client. Most probably because of the IPSEC Ike setup. PPTP VPN has no such latency - probably because of the integration to the domain. I am pretty sure this latency would still be there through ISA server but looking for second or more opinions. Best way to test is try it - if it can be done.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 90

Expert Comment

by:John Hurst
ID: 36593855
Shrewsoft is free (so trial is no issue) and NCP Secure Entry has a 30 day trial. You can try both in a variety of circumstances.  NCP Secure Entry also supports PPTP VPN, so that you can try that route as well.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593901
PPTP VPN is the original issue blocked by many public access. Need IPsec using IKE - through ISA Server or possibly WIN Server 2008
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 36594123
NCP Secure Entry supports both, so try IKE and see how performance is. But if IKE works, the NCP version of PPTP may work as well.  

And then, after all, don't forget it may be a hotel issue. Try and see as it won't cost anything except some time.
... Thinkpads_User
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 36891746
Higher latency with IPSec VPN can origin from having a smaller MTU, causing unnecessary fragmentation, and choosing an inappropriate (time- and resouce-hogging) encryption. AES is faster in most cases as 3DES, for example, and a smaller "key length" (128 bits versus 256 bits) allows for less overhead for both calculation power and bandwidth.
That might explain the additional WebDAV lag or not. But a detail is confusing me - you told us the SharePoint connection works even if the PPTP VPN does not - you do not compare that non-PPTP connection with the IPSec connection, hopefully?
0
 

Author Comment

by:gwg80
ID: 36894989
No that is not what we are comparing. I will play with the settings. Thanks for your input on that last point.
0
 

Author Closing Comment

by:gwg80
ID: 36896290
Shrewsoft client worked as workaround. Final comment was the info missing for client.
Thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
Some of you may have heard that SonicWALL has finally released an app for iOS devices giving us long awaited connectivity for our iPhone's, iPod's, and iPad's. This guide is just a quick rundown on how to get up and running quickly using the app. …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now