General discussion

Locked

Remote Access

By rmillz ·
Currently, remote access at my company is done by mapping 5 public IP addresses with 5 internal IP address through the firewall. Users beyond the first five, remote into the first five and then remote to thier own pcs. I realize this is clearly not the most efficient way of doing things. I am looking for a way to allow multiple users to access their pcs while away from the office. I was considering using a RAS but someone had mentioned that there was a way of assigning port numbers to each computer instead. I am open to all suggestions and all help is appreciated. Due to the lack of my own technical expertise, the more detailed the suggestions, the better.

Network: Sonicwall router, 6 servers, 50 clients, Windows 2003 server, clients are win2k or xp

Thanks agian,
Rick

This conversation is currently closed to new comments.

17 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

what you can do......

by g.luis In reply to Remote Access

You can run all your systems from one IP. Take one IP and connect it to a router. Have that router delegate DHCP addresses to your network. In the router, depending on the make, filter internet access via MAC address. You can find the MAC address by going to each system and typing IPCONFIG /ALL and it will give you the MAC address. You can also download a program called NETSCAN by Softperfect (http://www.softperfect.com/) that will show all connected by name, their IP address, and the associated MAC. <p>

Another thing you can do is use www.logmein.com to allow them to access their PC as if they were actually in the office. It is free provide you only need to access the system an not print or map a drive. Try it out. I?m using it currently to assist my clients who are far away. If you have questions, email me directly fidolido@pacbell.net

Collapse -

How good is your budget?

by Jim_P In reply to Remote Access

You having a Windows 2003 server, you could install Terminal Services, then have your router redirect port 3389 or any port you specify to your Windows 2003 Server's IP Address.
Easy done,
Or the other way, if you right click on My Computer on the Windows 2003 server, and go to the Remote tab, then enable Remote Desktop, only two or more administrators can connect at a time this way.
But implementing Terminal Services, you have to think about installing the end user's software apps, etc.
There is another way, how are they connecting to their PCs?
If you could, have different port redirections setup, change the remote access ports on each PC at work, and then configure the router to allow each port redirected to the allocated port internally.
For example. User One's PC Port is 3345. You allow 3345 to his work computer, from his remote connection client at home you specifiy that port.
For Users' Two PC Port 3346, once again allow the user's home remote connection use that port.
Bit of mucking around, but hey good for saving costs too.
Could also get software like Remote Administrator, (www.farmtech.com) as you could just allow one port redirection through to one PC. Then each PC can tunnel through that PC to the rest of the PCs.

Regards,
Jim

Collapse -

Port Redirection

by rmillz In reply to How good is your budget?

I have changed the listening port of my client machine via its registry key. How do I get the router to send remote access traffic there?

Collapse -

Shouldn't be to hard.

by Jim_P In reply to Port Redirection

In the router you should find something to the effect of Port Redirection, Ports, etc.
So you need to redirect port 3391 to 123.123.123.123 3391 (Not a real IP). Let's say you had port 3392, then redirect port 3392 to 123.123.123.124 3392. Make sure the protocol is TCP, make sure the source is any IP, and the internal IP is the designated IP and the port you chose.
Good luck. By the way the problems you are having with remote desktop, make sure the XP PC is configured to allow remote connections. This can be done by right clicking on My Computer, clicking on the Remote tab, add the appropiate users to the list. This should also automatically configure your Windows Firewall to allow RDP, but won't hurt to check this as well. You can do this by going to Administrative Tools, either in the Start Menu, or go to Control Panel, towards the end of the list there should be the Windows Firewall icon, double click on this and make sure if the firewall is on, that the "Don't Allow Exceptions" box is not checked. Then goto the Exceptions tab has the Remote Desktop Protocol checked, even edit the connection and see the any scope is been chosen for the scope. Then this should be done, now since you have changed the RDP port number by the registry, I am not sure whether or not the Windows Firewall default RDP Entry will relate to that new port or is hard coded to 3389. It might pay to under Exceptions tab in Windows Firewall to add a port of 3391, TCP, and any for the scope. Do this to every PC that needs to have Remote Desktop enabled. Then to test the Windows Firewall from another Internal PC, try and RDP to those PCs. Then try externally.
Let us know how you go.

Kind Regards,
Jim

Collapse -

Update

by rmillz In reply to Shouldn't be to hard.

Hi Jim,
Thank you for the info. I had to edit this post due to my own misinformation. I have double-checked to ensure that "Don't Allow Exceptions" box is not selected. Under "Exceptions" tab on the firewall control I have created a new exception called "Remote Desktop Access" with TCP/3391/Any settings. I then de-selected the original "Remote Desktop" exception that has TCP/3389/Any settings. With these settings I am able to remote from any computer, using port 3391, within the network. The router acts as a static NAT box. I have not made any changes to the router as of yet. In order to use the port meathod, do I need to add every internal IP mapped to the same external IP in the NAT?
Thank you,
Rick

Collapse -

VPN / SSL-VPN / Goto My PC

by binary.basher In reply to Remote Access

Hi,

How about using a secure VPN or SSL (that's the web https equiv.) VPN or even the Goto My PC...

You only require a single Public IP Address for all of the above.

Apart from the last solution (Goto My PC) the others all have a variety of product solutions available.

The Goto My PC solution is also simple and practical for small companies.

URL: https://www.gotomypc.com/

Ryan

Collapse -

easy and powerful SSL VPN

by webjabber In reply to VPN / SSL-VPN / Goto My P ...

http://www.gotoServers.com offers a simple, powerful and easy SSL VPN solutions. Secury and easy to use. Free trial. Take a look, you will be surprised.

Collapse -

THANK YOU!

by rmillz In reply to Remote Access

Thanks for all the suggestions. I will look into all of them and let you know how it goes... Thanks again! Rick

Collapse -

Multiple users

by puterfx In reply to Remote Access

I'm in a similar situation and have 6 users who want to remote in. I've set up 3 so far and have to purchase 3 more copies of XP (not just for remote purposes) and will be setting up the other 3 within the next week or so. It's failry simple to do with 1 IP address. The tricky part is getting it thru the router (mine is a watchdog) and the other challenge might be XP's firewall. Theoretically, the firewall is supposed to change ports automatically for Remote Desktop ... at least that's what I've read. I had to make a new remote desktop exception in the firewall with the new port and it works fine now.

For some easy to understand information on setting up remote desktop and changing ports, you might want to check out this webpage.http://members.cox.net/drcray/remotedesktop.htm

He did a nice job of explaining and it has screen shots to help.

Good luck

Collapse -

Trouble outside network

by rmillz In reply to Multiple users

The article posted was very helpful. I am now able to remote within the network using specific port numbers. Unfortunately, I am still unable to connect from outside of my network. I have configured my client machine to listen for a specific port (3391) and configured the router to map the same port number on a specific public IP to my client machine. I asked a friend to attempt to remote into my machine using the specified public IP address and specific port (example 192.168.3.10:3391), but they received an error message saying they could not connect. Am I perhaps missing a step?

Back to IT Employment Forum
17 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums