Roaming users with laptops - VPN for internet access?

Roaming users with laptops - VPN for internet access? (Full Version)

All Forums >> [ISA 2006 Firewall] >> VPN

Message

dgunner -> Roaming users with laptops - VPN for internet access? (10.Jul.2008 10:43:43 AM)
I have about a dozen or so roaming users with a laptop used for Internet access both at home or from hotels etc. At the moment they just plug in (local firewall) to the network or connect over wireless and browse the web. I am wondering whether they should in fact VPN to our network first to gain Internet access so we can better protect their machines. Is this generally considered a good idea ( a company I used to work for before I did this sort of thing did it without any problems) or even of benefit? Will it not slow down their Internet access? I don't want to go overboard but at the same time think that as they nearly all use dodgy wireless connections it's probably a good idea.

jdostal -> RE: Roaming users with laptops - VPN for internet access? (10.Jul.2008 11:00:37 AM)
You might be better off just creating GPO's that bump up the Windows Firewall on the laptop when they are off domain... Do you use a web filter? WebSense actually has a laptop client that you can install...the client is invisible to the user, but it basically checks back with your web filter every time a user makes a request to see if it's allowed or not. Works pretty well!

paulo.oliveira -> RE: Roaming users with laptops - VPN for internet access? (10.Jul.2008 1:12:31 PM)
Hi, the only complain I have about ISA is the VPN client, it is TOO SLOW!! Maybe is better you test your proposing solution and see how it goes. Don´t know websense, but it sounds good too. [;)] Regards, Paulo Oliveira.

mdriest -> RE: Roaming users with laptops - VPN for internet access? (14.Jul.2008 11:25:39 PM)
quote: ORIGINAL: paulo.oliveira Hi, the only complain I have about ISA is the VPN client, it is TOO SLOW!! Maybe is better you test your proposing solution and see how it goes. Don´t know websense, but it sounds good too. [;)] Regards, Paulo Oliveira. Hello Paulo, We use the MS VPN Client (CMAK'd) on Windows XP Pro with ISA Server 2006 Enterprise (2 node array) and we experience no slowness what-so-ever with any type of traffic. Prior to the ISA 2006 Ent 2 node we were running ISA Server 2004 Standard on a single node with no issues for 2 1/2 years. Did you happen to see slowness with a particular concurrent amount of VPN Users (say over 200, etc)? By the way our VPN requires it to be the remote gateway and all internet access is routed through the VPN (IE Proxy Auto Config script). Mike Driest Network/Systems Administrator Industrial Control Repair www.industrialcontrolrepair.com

paulo.oliveira -> RE: Roaming users with laptops - VPN for internet access? (16.Jul.2008 8:42:29 AM)
Hi Mike, I feel the slowness with only one user connected. I don´t think this has to be with my bandwidth, cause we have 1MB and is not fully used. If I ping from VPN network to an internal server, the reply is about 400ms. [:(] quote: By the way our VPN requires it to be the remote gateway and all internet access is routed through the VPN (IE Proxy Auto Config script). I use it the same way, otherwise it will be a security issue. Is there any guide to help me improve my VPN performance? I appreciate any suggestion. Note: I don´t use CMAK. Regards, Paulo Oliveira.

mdriest -> RE: Roaming users with laptops - VPN for internet access? (16.Jul.2008 8:54:42 PM)
quote: ORIGINAL: paulo.oliveira Hi Mike, I feel the slowness with only one user connected. I don´t think this has to be with my bandwidth, cause we have 1MB and is not fully used. If I ping from VPN network to an internal server, the reply is about 400ms. [:(] quote: By the way our VPN requires it to be the remote gateway and all internet access is routed through the VPN (IE Proxy Auto Config script). I use it the same way, otherwise it will be a security issue. Is there any guide to help me improve my VPN performance? I appreciate any suggestion. Note: I don´t use CMAK. Regards, Paulo Oliveira. Hi Paulo, When we originally had ISA 2004 STD we had a single full T1 line 1.5MB for about 1.5 years We then upgraded to 2xT1s for a full 3MB about 1.5 years ago. When we had a single T1 there were about 15 or so concurrent VPN Users and then with the 3MB and 2 node ISA 2006 Array we now have about 30 concurrent VPN Users. In either setup we haven't seen any slowness due to VPN. Our MS VPN Client was setup with CMAK, but I've also used the MS VPN Client that's built into Windows XP with no speed differences. When you ping an internal server from VPN and receive 400ms is that while using a Cellular AirCard/Mobile Broadband Card? A lot of our users have Sprint Mobile Broadband Cards and when using EVDO Rev. A I think normal latency to an internal server is about 200ms-250ms on average. I have Comcast at my house and when connected to our VPN the latency to an internal server is an average of 50ms. Who is your ISP? Can you ping the Router in front of ISA from the same device that gave you 400ms? If so what's the result?

paulo.oliveira -> RE: Roaming users with laptops - VPN for internet access? (23.Jul.2008 8:24:50 AM)
Hi Mike, thanks for the response. I´ll test ir and let you know. Regards, Paulo Oliveira.

paulo.oliveira -> RE: Roaming users with laptops - VPN for internet access? (6.Aug.2008 8:11:26 PM)
Hi Mike, the device I'm using is a notebook. My home speed connection is 200kbps [:(] I pinged to my ISP and the result is below: Packets: Sent = 30, Received = 30, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 663ms, Maximum = 750ms, Average = 683ms I also pinged to an interal machine and the result is below: Packets: Sent = 30, Received = 28, Lost = 2 (6% loss), Approximate round trip times in milli-seconds: Minimum = 642ms, Maximum = 791ms, Average = 684ms Regards, Paulo Oliveira.

Jason Jones -> RE: Roaming users with laptops - VPN for internet access? (7.Aug.2008 7:10:16 AM)
I've deployed numerous ISA VPN solutions and had various issues, but never speed problems...wouldn't hestiate to recommend ISA for VPN client use, it really is pretty bulletproof and a great solution when you consider the amount of protection you can achieve with ISA application-layer filters and granular user based access policies.

mdriest -> RE: Roaming users with laptops - VPN for internet access? (7.Aug.2008 9:19:44 AM)
Hi Paulo, The combination of 200kbps and the 683/684ms avg latency is what's killing your speed and overall experience. What time of home connection do you have and who's your ISP? Thank you, Mike Driest

paulo.oliveira -> RE: Roaming users with laptops - VPN for internet access? (7.Aug.2008 3:39:22 PM)
Hi Jason, thanks for the reply and for share your experience. But, is not just me, my manager complained about ISA VPN too. One other collegue of my also thinks it´s too slow. I really like ISA features! In fact, I´m trully recommending this GREAT firewall to my other collegues, because of it´s cools features. Do you also think is my internet connection or some misconfiguration on my ISA server? Regards, Paulo Oliveira.

paulo.oliveira -> RE: Roaming users with laptops - VPN for internet access? (7.Aug.2008 3:42:48 PM)
Hi Mike, I was afraid you said that about my speed. I connected at 20:00h. My ISP is a digital TV company named NET. Regards, Paulo Oliveira.

Page: [1]