CADOLZBURG, Germany--(BUSINESS WIRE)--VPNs are generally a great thing, as they allow mobile remote access at any time and from anywhere. However, VPN solutions are relatively complex and occasionally present a few pitfalls. Anyone who is familiar with these problems is prepared for them and can quickly find a solution. If the software has been properly installed and a VPN connection still cannot be established, a firewall is usually at fault; otherwise, there could be address conflicts. With modern VPN solutions, however, these problems may be a thing of the past.
Scenario 1: A firewall is preventing a VPN tunnel from being successfully set up
Firewalls are used to deny viruses and malware access to your network. Therefore, generally only the ports in the firewall that are needed for access to the enterprise network are open. The most common ports are port 80 (the HTTP port for Internet browsing) and port 443 (the HTTPS port for SSL-encrypted data transmission on the Internet). If either of these ports is open, then you can access the Internet. However, an IPsec VPN requires more open ports in order to successfully establish a connection. The problem is that public places such as hotels often block all ports except port 80 and port 443. Thus, the VPN client cannot establish a connection to the corporate network from the hotel room. The solution to this problem is a VPN that is based on SSL rather than IPsec. In an SSL VPN solution, only the HTTPS port 443 is needed to successfully establish a VPN connection to the corporate network. Modern SSL VPNs can even send encrypted data over the HTTP port 80 if port 443 is blocked.
Scenario 2: Address conflicts
If a VPN connection cannot be made to the company network, it is also possible that there are address conflicts between the foreign network and the corporate network. This is a historical problem that results from the lack of a sufficient number of IP addresses for each device. When IPv4 addresses were introduced, it was assumed that four billion IP addresses would suffice. However, this was not the case, and private IP addresses were introduced. These private IP addresses are shielded from the public Internet (through a router, for example) and are no longer globally unique. If the private IP address obtained from the foreign network (e.g. the hotel) is identical to the private IP address allocated by the enterprise network, then there is an address conflict. This means that neither device knows where it should send the transferred network packets. The result is that the VPN tunnel cannot be established. Therefore, modern VPN solutions use dynamic NAT (Network Address Translation): the VPN solution searches for an address range that does not conflict with the addresses of the foreign network and then builds a reliable VPN tunnel.
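The conflict check and range search described in Scenario 2 can be sketched as follows. This is an added example, not HOB's implementation: the function names, the sample networks and the first-fit search over the RFC 1918 private ranges are all assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges from which a translated range may be drawn.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the hotel LAN overlaps one of two corporate subnets.
LOCAL = [ipaddress.ip_network("10.0.0.0/22")]
CORP = [ipaddress.ip_network(n) for n in ("10.0.0.0/16", "192.168.1.0/24")]

def find_conflicts(local_nets, corporate_nets):
    """Return (local, corporate) pairs whose address ranges overlap."""
    return [(l, c) for l in local_nets for c in corporate_nets if l.overlaps(c)]

def pick_free_range(in_use, prefixlen):
    """Return the first private subnet of this size that overlaps nothing in use."""
    for block in RFC1918:
        if prefixlen < block.prefixlen:
            continue  # requested range is larger than this private block
        for candidate in block.subnets(new_prefix=prefixlen):
            if not any(candidate.overlaps(n) for n in in_use):
                return candidate
    return None

def plan_translation(local_nets, corporate_nets):
    """Map each conflicting corporate subnet to a same-size conflict-free range."""
    in_use = list(local_nets) + list(corporate_nets)
    plan = {}
    for corp in sorted({c for _, c in find_conflicts(local_nets, corporate_nets)}):
        free = pick_free_range(in_use, corp.prefixlen)
        if free is None:
            raise RuntimeError(f"no free private range for {corp}")
        plan[corp] = free
        in_use.append(free)  # never hand the same range out twice
    return plan

def translate(addr, plan):
    """Rewrite a corporate address 1:1 into its translated range (same host offset)."""
    addr = ipaddress.ip_address(addr)
    for corp, free in plan.items():
        if addr in corp:
            return free.network_address + (int(addr) - int(corp.network_address))
    return addr  # not in a conflicting subnet, so left unchanged

if __name__ == "__main__":
    plan = plan_translation(LOCAL, CORP)
    print(plan, translate("10.0.5.7", plan))
```

Only the corporate subnet that actually collides with the foreign network is remapped; the non-conflicting 192.168.1.0/24 subnet keeps its original addresses.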
HOB GmbH & Co. KG is a mid-sized German software enterprise that develops and markets award-winning innovative remote access solutions worldwide. The core competencies of this successful company, founded in 1964, comprise server-based computing, secure remote access, VoIP and virtualization. For more information, visit the HOB website.