Solved

VPN Blocked by hotels

Posted on 2011-09-18
12
758 Views
Last Modified: 2012-05-12
Several execs have provided feedback that they are unable to connect to our VPN (ISA server) but can connect to my Sharepoint server (Portal access) through the same server. Is there a workaround that will allow them to create a VPN connection? Is there an entry in the hosts file that would work around the block?

Thanks
0
Comment
Question by:gwg80
12 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 36557491
I have seen that it's not VPN being blocked, but the subnet that the hotel is using matches the office vpn subnet and the routes get all screwy.  

You should confirm what the exec IP and subnet is when at the hotel.  If this is the case I think the patron can request a public address.

0
 
LVL 92

Expert Comment

by:John Hurst
ID: 36557507
I have seen that. Many (not all) Hotels will accommodate the user by providing VPN capable service for a fee. If that is available, that is the easisst approach and I have done that.

I run into enough issues that I accommodate myself by having a 3G USB Internet Key that works most anywhere in my Country. That is the best, but not the cheapest, solution.

If it is merely subnet, the user must have administrative authority to change the hosts file. But I usually find the hotels block VPN in order to obtain a fee for its use.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36559704
There are additional issues this user is having - related or not. User has 2 laptops.
1) From certain networks (not all) cannot authenticate in Sharepoint nor authenticate on the Vpn
2) On one laptop has issues with outlook 2007 continually asking for a password when on these unfriendly networks. New laptop has Outlook 2010, which seems to be able to maintain a connection.

Suggestions please.
0
 

Author Comment

by:gwg80
ID: 36593803
Rethink. Created an IPsec with IKE on my Netvanta firewall - workaround for this issue. However in testing - there is latency in accessing Sharepoint in explorer view (WebDav). This latency is not present in PPTP VPN connection.
From what I can see - IPSEC is only for site-to-site in ISA server. Does anyone of a workaround to enable IPSEC VPN using IKE with an external client - like Shrewsoft?
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 36593812
Shrewsoft will work with most connections. It may or may not work with 3G or some hotel sites. NCP Secure Entry (www.ncp-e.com) will work through 3G (I use it this way) plus work through nearly any network. I have not had NCP fail to connect or transmit data in my usage. It also is a fast as any client application I have used.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593843
Correct. However there is an issue of latency with the WebDav function in Sharepoint through the client. Most probably because of the IPSEC Ike setup. PPTP VPN has no such latency - probably because of the integration to the domain. I am pretty sure this latency would still be there through ISA server but looking for second or more opinions. Best way to test is try it - if it can be done.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 92

Expert Comment

by:John Hurst
ID: 36593855
Shrewsoft is free (so trial is no issue) and NCP Secure Entry has a 30 day trial. You can try both in a variety of circumstances.  NCP Secure Entry also supports PPTP VPN, so that you can try that route as well.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593901
PPTP VPN is the original issue blocked by many public access. Need IPsec using IKE - through ISA Server or possibly WIN Server 2008
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 36594123
NCP Secure Entry supports both, so try IKE and see how performance is. But if IKE works, the NCP version of PPTP may work as well.  

And then, after all, don't forget it may be a hotel issue. Try and see as it won't cost anything except some time.
... Thinkpads_User
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 36891746
Higher latency with IPSec VPN can origin from having a smaller MTU, causing unnecessary fragmentation, and choosing an inappropriate (time- and resouce-hogging) encryption. AES is faster in most cases as 3DES, for example, and a smaller "key length" (128 bits versus 256 bits) allows for less overhead for both calculation power and bandwidth.
That might explain the additional WebDAV lag or not. But a detail is confusing me - you told us the SharePoint connection works even if the PPTP VPN does not - you do not compare that non-PPTP connection with the IPSec connection, hopefully?
0
 

Author Comment

by:gwg80
ID: 36894989
No that is not what we are comparing. I will play with the settings. Thanks for your input on that last point.
0
 

Author Closing Comment

by:gwg80
ID: 36896290
Shrewsoft client worked as workaround. Final comment was the info missing for client.
Thanks
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VPN server setup 5 76
Connection timeouts with mobile vpn users 5 41
VPN speed and 3rd party service 13 46
cradle point vpn to sonicwall 5 50
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now