Right now we have a typical fat VPN client installed on laptops for people to get access to the network remotely. The software is buggy and always seems to not want to work when the person is on the other side of the world. So my question is, does anyone know if there is a web-based VPN solution? Maybe a web portal that they can log into that will encrypt all traffic back to our network, like a VPN.
This would free us up from having to troubleshoot this and reinstall it when the person is away.
I am not talking about a Citrix-type solution, one that will allow a user to use their laptop, and all the apps on it, as well as get network drive access, as if they are sitting in the office.
Depends on what you have in terms of equipment, etc. If you have Server 2008 (or better) and an IPv6 address, you could use DirectAccess. There are plenty of SSL VPN products out there as well, which do require a client (or a temporary client installation), but they’re very lightweight. If you have Server 2008 you could also use SSTP (which is very similar to SSL VPN), but that is Windows Vista and higher only.
Cisco has a clientless SSL VPN portal for the ASA series. It allows network access to any CIFS you allow the user/group, but using things like VMware or local AD tools won’t directly work. You can, however, install add-ons to allow for RDP sessions, etc.
OpenVPN ALS is a web-based SSL VPN server written in Java. It has a browser-based AJAX UI which allows easy access to intranet services. OpenVPN ALS is a direct descendant of Adito, which was a fork of SSL-Explorer.
Basically you log in via a webpage which will establish an SSL-VPN portal for services such as webpages, RDP, SSH, etc.
The idea of a web portal for VPN is a disaster. The purpose of a VPN is to allow 2 trusted hosts to connect to each other over a non-trusted network. Once you use a web VPN, you have the potential for untrusted systems on the network. People will connect using whatever machine they want, like some kiosk at an Internet cafe. This will destroy all security of your internal network.
As mentioned, use the Shrew VPN client, which works well and is stable. For issues when the VPN is not working, use LogMeIn or some other such service to connect via regular Internet and fix the VPN.
The SA series has great features, too. Without having to VPN into the network via a client, you can access file shares, remote desktop into configured machines, access intranet sites. There’s other stuff but I can’t think of them off the top of my head.
Juniper also supplies a VPN client with the SA series, too. So you can VPN into the network if you wanna. Neat stuff.
OpenVPN is a great option, too. Cheap, simple and effective. They use a client, though.
We currently do this with an ASA5510. Users log in to the remote portal and start a session with their work desktop. This keeps all temp files and documents on company equipment, and prevents the kinds of risks that can happen from fat client VPN setups. Users like it because they don’t have to remember anything but a URL and credentials, and they don’t have to have a client installed.