Hi Ericl,   We have done the same.  Will leave it this way for a couple of weeks and try again.     ... View more

I've done both, and there isn't enough info to recommend one over the other.   Your DC environment, is it just a single VLAN? If there are multiple VLANs what is doing the routing between them? If you have a routing platform, does it exchange routes with anything else?   Are your spokes sitting in a nice superscope that can be sumarised with a small number fo static routes?   Are you going to have a pair or MX's for HA? ... View more

Just got my monthly report today   And ya....lots of spam in my logs which makes it almost useless to try and dig through     ... View more

I don't think Hotels specifically block client VPN (at least none that I have ever been involved with).   IPSec when running through NAT tunnels traffic through UDP ports.  UDP is stateless.  So the NAT device needs to be the tiniest bit smarter about handling this, because it can't tell when the sessions are finished.  Most NAT UDP implementations implement an idle session timer and a max session lifetime timer.  Some implementations choose stupid values for these, like a 5s idle timer (which is enough to make DNS work, but not much else).  Some implement annoying max duration session times like 30 minutes. It is in these cases that an IPSec based client VPN will fail, or only run for set periods of time before failing.   In my experience, the number of these bad NAT devices is reducing.  I only tend to run into them in a small number of home domestic routers these days.     SSL VPN however uses TCP.  TCP has a clear start and end of session, and can be easily tracked.  SSL VPN tends to have no issues as a result. ... View more