We help IT Professionals succeed at work.

PCanywhere to connect to more than 1 computer on a network

jghentley
jghentley asked
on
I have PCanywhere 9.2 installed on 3 computers on my office network and they are set as hosts. When I connect from home via a cable Internet connection I can only connect to one computer - it does not allow me a choice of which computers I would like to connect with. Since we only have 1 IP address which is for the gateway router I can only use that IP address to connect. Is there a soulution for this?
Comment
Watch Question

Commented:
if your gateway router has a web configuration utility open to the outside address, you could change the port mappings or DMZ host address settings to select the system prior to connecting.





Commented:
a better idea:

with a VPN connection to your network, you should be able to select a computer.

what kind of gateway router do you have?

Mike

Commented:
This is a common issue with NAT.

We do something called "piggybacking". You would connect to machine A behind the firewall/NAT that the packets are routed to. Then from there, you would control the one you want behind the firewall from there.

This is usually not supported but it usually works okay.

Commented:
and YES, a VPN is an ideal solution. Then your home machine "appears" to be on the local LAN. This is what we did to resolve the need for piggybacking.

Author

Commented:
We have a SMC barricade router and it does have web admin function but could you explain the piggybacking and other options in more detail?

Commented:
piggybacking - at home (or whatever), you would connect as you normally would. It'll connect you to the ONE machine only that has been assigned the port mapping destination. Once you connect to that machine, you would control that machine to do a controll session (if PCA supports this. We use Timbuktu and it usually works fine for us. It's just not supported by tech support if you have problems.)

Of course, only one person at a time can do this.


I don't know if the SMC Barricade supports a VPN. I don't know the appliance.

With a VPN, you would set up user accounts on the Barricade with usernames and passwords that home users would use. You would also configure an office LAN IP address for the home machine.

VERY basically, what happens is someone connects via the Internet through their ISP to the office. They would have a VPN profile set up on their home machine/router and at the office router that matches. When they try to make a connection, the VPN on the office router checks the credentials of each package from the home profile to make sure it matches what's on the office profile. If they match, it lets the packet in. This way, users at home are effectively connected to the local LAN and could connect to any machine on the LAN as if they were there. If you run an NT domain at the office, they would run into some issues there that you can deal with.  

Top Expert 2004
Commented:
this may help
pcAnywhere and Network Address Translation
 


pcAnywhere and Network Address Translation

Situation:
You want to know if pcAnywhere will work with Network Address Translation.

Solution:
Network Address Translation (NAT) is a technology that allows workstations using
private Internet Protocol (IP) addresses to still have access to the Internet.
NAT does this by substituting a registered IP address into the source address of
a message leaving the internal network and then restoring the internal address
into the source address from a reply message.

Registered IP addresses are a scarce resource and while you can buy static IP
addresses, the cost can be prohibitive for small businesses and home users.
Large businesses either cannot purchase the large number of addresses they need,
or they want to limit, for security reasons, the number of addresses that access
the Internet. With NAT gateways running on a single or limited number of
computers, it is possible to share a single registered address between multiple
local computers and connect them all at the same time. The outside world is
unaware of this division and thinks that only one computer is connected.

There are various ways to implement NAT:
  Single internal IP address is paired to a single external IP address. This is
  an uncommon practice. It does not extend the registered IP addresses between
  computers but does increase security.
  Multiple internal IP addresses are mapped to the same external IP address.
  This is the most common use of NAT.
  Multiple internal IP addresses are mapped to dynamically assigned external IP
  addresses. Home users and small businesses would use this solution most often.
  Any of the previous three options, plus associating an internal IP address
  with a TCP and/or UDP port. This is an extra layer of control and security.
  Dynamically assigned internal IP addresses mapped to external IP addresses.
  This is not common because the internal computer does not have an IP address
  until it is needed to access the Internet through the NAT gateway.

Figure 1: General operation of a NAT



NAT is usually included with a router and/or firewall. Network administrators
have to create the NAT table that controls the address mapping. NAT provides
firewall type protection on the Internet because it only allows connections that
originate on the internal network unless you use inbound mapping for certain
services. An example of this would be mapping the pcAnywhere TCP/UDP ports
inbound to a specific host waiting on the network.
For more information about NAT, please see:
http://work.home.net/whitepapers/natwpaper.html

pcAnywhere and NAT
  PLEASE NOTE: The ability of pcAnywhere to access a host through a NAT is
  totally dependent on the configuration of the NAT. pcAnywhere Technical
  Support cannot assist in configuring any NAT to allow pcAnywhere connections.
  You must contact the vendor of the NAT software for that information.

pcAnywhere should work with the first four methods of NAT. It does not work with
the last method because the host computer cannot get an assigned IP address
until it contacts the NAT server by sending an outbound IP packet.

If you intend to use address/port mapping with NAT, that mapping is done with
NAT and not by changing the TCP/UDP ports that pcAnywhere uses.

Here are a few things to consider when using pcAnywhere with NAT:
  The NAT table must map to the address of the pcAnywhere host; for this reason
  the host address should be a static (internal) IP address unless you can
  dynamically update the NAT table and mappings.

  If you have multiple hosts on the internal network, you will probably have to
  assign different TCP/UDP ports to each host. The default ports for pcAnywhere
  are 5631 (TCP) and 5632 (UDP). For detailed information on changing these port
  numbers, please see the following documents:
  For pcAnywhere 9.x and 8.0, document 1999110411575512: How to change the
  pcAnywhere IP ports.
  For pcAnywhere 10.x, document 2001021417112312: How to change the IP ports
  that pcAnywhere 10.x uses.

  NOTE: Any remote trying to connect to the hosts must use the same ports as
  those assigned to the host.

  pcAnywhere remotes will have to know the external IP address of the host's NAT
  server. If the NAT server connects to the Internet using Dial-Up Networking,
  that address is dynamically assigned by an Internet Service Provider and will
  probably be different with each dial-up. Remotes connecting in will have to
  somehow be given that address each time.




Product(s): pcAnywhere 10.0, pcAnywhere 10.5, pcAnywhere 9.0, pcANYWHERE32
version 8.0 - Win95/NT
Operating Systems(s): Windows 95, Windows 98, Windows 98SE, Windows NT 4.0,
Windows 2000, Windows Me, Windows XP
Document ID: 1999050310452112
Date Created: 05/03/99
Last Modified: 01/16/2002
from
http://service2.symantec.com/SUPPORT/pca.nsf/pfdocs/1999050310452112

Commented:
Question:

How does your setup currently know which system to connect to, or do you know? did you insert port mappings for TCP 5631 and UDP 5632 or did your put its IP address under the "DMZ Host"?

The "DMZ host" field is used to direct traffic to internal systems when the destination cannot be determined by static port mappings. So it seems likely that by changing this value you could select which PCA host to access, in the absense of any static mappings. Otherwise you would need to change the static mappings for UDP 5632 and TCP 5631.

by changing the settings via the web, you could effectively select the PCA host. if you don't want to leave the web interface open to the outside, you could also use alternate ports on 2 of the hosts, and create a seperate set of mappings for each host. then you would need to change the ports on the client end in order to select the host.

The DMZ field would also be used to designate the VPN server, along with a static mapping for TCP 1723. By running a VPN server with RRAS, VPN clients would become part of the local network and would choose any system normally.

If the "DMZ host" field is not present in your SMC configuration utility, you need to upgrade the BIOS. This feature was introduced semi-recently primarily to effect incoming VPNs.


Mike

Commented:
hey mpl
why couldn't you tell me that
lol

Author

Commented:
My gateway router would only allow one host per port number so I could only connect to one host on the LAN. So I followed the instructions from the Symantec knowledge base article and set up different registry files on the remote and set PCanywhere to use different ports on each host on the LAN - 5631,5632; 5641,5642...etc. Now I just run the reg file on the remote according to which host I want to connect to and it works fine.
Thank you.
(mpltech was also helpful)
Top Expert 2004

Commented:
Glad to help
Steve

Explore More ContentExplore courses, solutions, and other research materials related to this topic.