In part one of this two-part series, we explored the problem that many IPsec users face when trying to connect to their corporate network from the road, especially from hotels: some hotels block IPsec ports because of the misconception that SSL is universally employed.
So what’s the solution? Firstly, for security reasons, users should not deactivate the firewall or the proxy server. However, compelling a hotel guest to send or receive sensitive information via unsecured connections is not an option either. Even SSL is not suitable for all situations, as SSL does not provide the same level of security as IPsec. And to further complicate matters, SSL only works with applications that are optimized for browser access.
However, there is a third option that combines the best of both worlds: NCP’s VPN Path Finder Technology. When a guest wants to establish a connection to his company network from a hotel, NCP’s Secure Client automatically recognizes if the company’s VPN gateway is not available via IPsec. In this case, the client software automatically switches to a modified IPsec protocol mode. This modified IPsec mode uses TCP encapsulation and prefixes an SSL header. The IPsec client simulates an SSL connection via the standard HTTPS port 443 and uses it to establish an IPsec tunnel to the company network.
The main advantage of this solution: there is no discernible change for users. They continue using all their regular authentication mechanisms — and reap the benefits of IPsec. Also, the corporate system administrators can enforce this security policy without having to make exceptions for single users who would undermine the company’s security concept. And finally, the hotel managers, too, profit from NCP’s VPN Path Finder Technology. Their guests are content because they are able to easily and securely access their company network, despite firewall and proxy server issues.