Problems Using a VPN Connection from South America

anuneznyc
anuneznyc used Ask the Experts™
on
We have a couple of employees that routinely use a VPN connection to access files on a Windows 2003 domain. However, they are currently on a business trip in South America and have been unable to successfully log into the VPN. Is VPN access something that could be getting blocked by the Wifi networks they are using for internet access?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Absolutely. Off course it would greatly help if you at least stated what exact VPN technology you are referring to or using. Your question is somewhat vague.
I have seen issues with Wireless carriers in South America that block ESP. So users that tried to use IPsec would see a tunnel is established but they cannot pass traffic. SSL VPN is much more unlikely being blocked.

Author

Commented:
I'm not 100% sure of the exact VPN technology. The users having the problem are using the built-in VPN client that comes with Windows XP Pro.

On the server side, I believe the VPN was set up using the software that comes standard with Windows Server 2003. Is there more than one VPN option in Server 2003?

Author

Commented:
If that's what the wireless carriers are doing, what might be a way around this limitation?
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

Sudeep SharmaTechnical Designer
Commented:
Could be the routing issue?

Can you tracert from the windows systems to the IP address of your VPN server?

Could you network admin change the routing if using Cisco router using PBR (Policy Based Routing)

Author

Commented:
Both employees have successfully used the VPN on previous business trips to SA. On this trip they say they have tried using the hotel wifi, a client's office wifi, as well as a Starbucks and they have all failed. Apparently the VPN connection initially says it's connected, but then the connection drops before they can access their email or files.

Since they have tried this from so many different locations, I think we can rule out the theory that ports 1701 & 1723 are being blocked by the ISP.
Too little information to tell. If you could be a bit more specific on the VPN type connection I may be able to help. IPsec obviously is the best and most robust VPN technology in deployment today for any Operating System. So rather then go cheap and use Microsoft VPN stuff which is full of security holes I invest in something robust. Unless security and robustness is not a concern. But then why use VPN in the first place. Just open up your network.

Author

Commented:
I hear what your saying. Perhaps a 3rd party VPN solution is the best way to prevent this from happening in the future. Would welcome your recommendations.

In the meantime, do you think it's possible that their internet connection is too slow and the VPN connection could be timing out? Maybe we could adjust the TTL setting on the server-side?
Turns out that these users' laptops had Symantec Endpoint Protection recently installed on them and this was blocking them from connecting via the VPN.

Author

Commented:
My comment is the correct solution.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial