Solved

VPN Blocked by hotels

Posted on 2011-09-18
12
780 Views
Last Modified: 2012-05-12
Several execs have provided feedback that they are unable to connect to our VPN (ISA server) but can connect to my Sharepoint server (Portal access) through the same server. Is there a workaround that will allow them to create a VPN connection? Is there an entry in the hosts file that would work around the block?

Thanks
0
Comment
Question by:gwg80
12 Comments
 
LVL 22

Expert Comment

by:yo_bee
ID: 36557491
I have seen that it's not VPN being blocked, but the subnet that the hotel is using matches the office vpn subnet and the routes get all screwy.  

You should confirm what the exec IP and subnet is when at the hotel.  If this is the case I think the patron can request a public address.

0
 
LVL 94

Expert Comment

by:John Hurst
ID: 36557507
I have seen that. Many (not all) Hotels will accommodate the user by providing VPN capable service for a fee. If that is available, that is the easisst approach and I have done that.

I run into enough issues that I accommodate myself by having a 3G USB Internet Key that works most anywhere in my Country. That is the best, but not the cheapest, solution.

If it is merely subnet, the user must have administrative authority to change the hosts file. But I usually find the hotels block VPN in order to obtain a fee for its use.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36559704
There are additional issues this user is having - related or not. User has 2 laptops.
1) From certain networks (not all) cannot authenticate in Sharepoint nor authenticate on the Vpn
2) On one laptop has issues with outlook 2007 continually asking for a password when on these unfriendly networks. New laptop has Outlook 2010, which seems to be able to maintain a connection.

Suggestions please.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:gwg80
ID: 36593803
Rethink. Created an IPsec with IKE on my Netvanta firewall - workaround for this issue. However in testing - there is latency in accessing Sharepoint in explorer view (WebDav). This latency is not present in PPTP VPN connection.
From what I can see - IPSEC is only for site-to-site in ISA server. Does anyone of a workaround to enable IPSEC VPN using IKE with an external client - like Shrewsoft?
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 36593812
Shrewsoft will work with most connections. It may or may not work with 3G or some hotel sites. NCP Secure Entry (www.ncp-e.com) will work through 3G (I use it this way) plus work through nearly any network. I have not had NCP fail to connect or transmit data in my usage. It also is a fast as any client application I have used.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593843
Correct. However there is an issue of latency with the WebDav function in Sharepoint through the client. Most probably because of the IPSEC Ike setup. PPTP VPN has no such latency - probably because of the integration to the domain. I am pretty sure this latency would still be there through ISA server but looking for second or more opinions. Best way to test is try it - if it can be done.
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 36593855
Shrewsoft is free (so trial is no issue) and NCP Secure Entry has a 30 day trial. You can try both in a variety of circumstances.  NCP Secure Entry also supports PPTP VPN, so that you can try that route as well.

... Thinkpads_User
0
 

Author Comment

by:gwg80
ID: 36593901
PPTP VPN is the original issue blocked by many public access. Need IPsec using IKE - through ISA Server or possibly WIN Server 2008
0
 
LVL 94

Expert Comment

by:John Hurst
ID: 36594123
NCP Secure Entry supports both, so try IKE and see how performance is. But if IKE works, the NCP version of PPTP may work as well.  

And then, after all, don't forget it may be a hotel issue. Try and see as it won't cost anything except some time.
... Thinkpads_User
0
 
LVL 69

Accepted Solution

by:
Qlemo earned 500 total points
ID: 36891746
Higher latency with IPSec VPN can origin from having a smaller MTU, causing unnecessary fragmentation, and choosing an inappropriate (time- and resouce-hogging) encryption. AES is faster in most cases as 3DES, for example, and a smaller "key length" (128 bits versus 256 bits) allows for less overhead for both calculation power and bandwidth.
That might explain the additional WebDAV lag or not. But a detail is confusing me - you told us the SharePoint connection works even if the PPTP VPN does not - you do not compare that non-PPTP connection with the IPSec connection, hopefully?
0
 

Author Comment

by:gwg80
ID: 36894989
No that is not what we are comparing. I will play with the settings. Thanks for your input on that last point.
0
 

Author Closing Comment

by:gwg80
ID: 36896290
Shrewsoft client worked as workaround. Final comment was the info missing for client.
Thanks
0

Featured Post

Create the perfect environment for any meeting

You might have a modern environment with all sorts of high-tech equipment, but what makes it worthwhile is how you seamlessly bring together the presentation with audio, video and lighting. The ATEN Control System provides integrated control and system automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I have been asked to explain on many, many occasions the correct way to setup network cards and DNS settings on ISA Server 2004, 2006 and forefront Threat management gateway (FTMG) and have willing done so. I have also promised my self everytime tha…
Like many others, when I created a Windows 2008 RRAS VPN server, I connected via PPTP, and still do, but there are problems that can arise from solely using PPTP.  One particular problem was that the CFO of the company used a Virgin Broadband Wirele…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question