In addition to our last post on this issue ( https://htsqatar.com/vpn-issues/ ), we would like to add the following.

Except when using Cisco cTCP or OpenVPN, many companies in Qatar are facing frequent disconnections or unstable connections on their VPNs:
1- All firewalls that use traditional IPSec VPN for site-to-site connections face the same issue. These include the most popular firewalls in Qatar – SonicWall, Fortinet, Cyberoam, Sophos etc. SSL VPN is stable on all of these firewalls, BUT they do not support site-to-site VPN over SSL/TCP. Cisco is the only one supporting VPN over TCP.
2- The issue is mostly reported on new fiber installations and 3G/4G connections.
3- If both sides have a static IP from Ooredoo, this issue has not been reported. However, if the static IP is only on one side and there is a normal internet connection on the other side, the same problem has been reported.

Our old post on this issue

Before making any decision related to VPN / remote access, please consider the following changes that happened recently in Qatar.

1- After the recent upgrade from ADSL to fiber, users are facing issues with IPSec/ISAKMP traffic. Because of this, many site-to-site VPN locations have become unstable. This applies to 3G/4G and fiber connections, but not to MPLS/Internet-IP-VPN/Static-IP/Leased-line/V-sat connections.
Solution: Use Cisco-based cTCP ( https://www.cisco.com/c/en/us/products/collateral/security/ios-easy-vpn/prod_white_paper0900aecd8061e2b3.html ) or OpenVPN. Neither of these uses the standard UDP/TCP ports for VPN. You can use or change to any port in these setups.
Summary: If you are planning a new VPN setup and you don't have a static public IP, use Cisco or OpenVPN only. All other UTMs (like SonicWall, Cyberoam, Fortinet, Juniper etc.) may not be stable.
2- Vodafone ADSL and Ooredoo 3G/4G have started giving NATted IPs, like 10.X.X.X (not entirely, but it is at the roll-out stage). That means you may not be able to publish cameras, servers etc. through such a setup. Also, you cannot have Vodafone or Ooredoo 3G/4G connections on the VPN head-end.
Solution: As of now you cannot publish a camera/server on such connections. Use Qtel ADSL / fiber or a static public IP. If no such connection is available (like in Readymix factories), call us; we can offer cloud-based VPN.
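A quick pre-deployment check for the NAT situation described in point 2, as an added example that is not part of the original post: it classifies the address the ISP hands to the router's WAN interface and reports whether that link can act as a VPN head-end or publish a camera/server. It goes beyond the 10.X.X.X case to the other RFC 1918 blocks and the RFC 6598 carrier-grade NAT block; the function name `assess_wan` and all sample addresses are assumptions made for illustration.

```python
import ipaddress

# Address blocks that are never reachable from the internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598_CGNAT = ipaddress.ip_network("100.64.0.0/10")  # carrier-grade NAT space


def assess_wan(wan_ip, observed_ip=None):
    """Classify the WAN address of a site (hypothetical helper).

    wan_ip      -- address the ISP assigned to the router's WAN interface
    observed_ip -- address a remote peer sees for this site, if known
    """
    addr = ipaddress.ip_address(wan_ip)
    if any(addr in net for net in RFC1918):
        kind = "rfc1918-private"
    elif addr in RFC6598_CGNAT:
        kind = "rfc6598-cgnat"
    elif addr.is_global:
        kind = "public"
    else:
        kind = "non-routable"  # loopback, link-local, reserved, ...

    behind_isp_nat = kind != "public"
    # A public-looking WAN address can still be translated upstream.
    if observed_ip is not None and ipaddress.ip_address(observed_ip) != addr:
        behind_isp_nat = True

    return {
        "wan_ip": str(addr),
        "kind": kind,
        "behind_isp_nat": behind_isp_nat,
        # Inbound connections cannot reach a NATted link, so it cannot be the
        # VPN head-end or publish a camera/server; it can still dial out.
        "can_be_head_end": not behind_isp_nat,
        "can_publish_services": not behind_isp_nat,
        "can_be_vpn_client": True,
    }


if __name__ == "__main__":
    # Constructed sample addresses; 8.8.8.8 stands in for any public IP.
    for sample in ("10.20.30.40", "100.72.1.9", "8.8.8.8"):
        print(assess_wan(sample))
```
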
We will update you on any developments related to this. Email me at support@htsqatar.com

 
