Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Remote access

Posted on 2004-10-07
6
Medium Priority
?
232 Views
Last Modified: 2013-11-21
The goal of this project is to provide remote access from 1 point to another

Need to establish a remote connection from "A" to "B" then to "C"

A = Home

B = Office1

C = Office2

Home will have ISP connection, I will provide VPN into office1...how do I then get to office2?

Office1 will have Cisco Concentrator 3000
office2 will have Cisco 1710 router

Please advise.
0
Comment
Question by:MCHDMISDEPT
6 Comments
 
LVL 13

Expert Comment

by:masterbaker
ID: 12253843
Are you trying to set up a VPN between office1 and office2, or can you just open ports on the router?  When you say remote access, what kind of remote access are you talking about?  A better understanding of the network setup might help as well.

Lets say you just wanted to be able to remotely control the desktops.  Lets assume we're working with XP machines.

You could, from home, use the Remote Desktop Connection program to connect in to your XP machine in Office1.  Since you have a VPN you shouldn't need to fiddle with the ports.  All you need to do is set up the remote access on the XP machine in Office1.  To enable it, launch the Control Panel and open System.  Click on the Remote tab and then select the "Allow users to connect..." option in the Remote Desktop box.  You can also configure which users have access, as needed.

I'm am also assuming that the Office2 network is not directly available to Home (maybe it is across a frame network inside Office1?)  Once you have your connection to Office1, you need to remotely control a PC in Office2.  I'm not sure Remote Desktop Connection will let you make another connection while you are already remote.  If you can do this, all you would need to do is set up the PC in Office2 to allow the connection and then open up port 3389/tcp on the router for the PC in Office1.

Am I on the right track, or is your question totally different?

Jeff
0
 

Author Comment

by:MCHDMISDEPT
ID: 12254248
A little different and complex:

Home user will come from their ISP...the goal is the get home user to connect to office2.  Office2 public INT is an IP from the office1 network.

so, we have:  User with ISP, they VPN into office1 via Cisco conentrator (by the way, the concentrator is on the same network as office2 router public INT)...then we need to go from office1 to office2 (office2 has 1710 router) (the access-lists you gave me are going to be used on the 1710 router at office2)  

Thanks.
0
 
LVL 13

Expert Comment

by:masterbaker
ID: 12254307
So if you get a successful VPN connection through the Cisco concentrator, you should just be able to open up something from office2, assuming the routes are built properly.

I'm not familiar with the Cisco VPN client so I'm not sure how it works.  When you connect in, does it assign you an IP address on the office1 network?  I know Checkpoint refers to this as "Office mode".  The Microsoft VPN client works this way as well.  If you do get an IP address on the network, then you should be able to launch your software, whatever it may be, and attempt to connect to an IP address on the office2 network.  Have you configured the Cisco 3000 to have the office2 subnet as part of the VPN domain?  I'm probably not using the correct "Cisco" terms for this, so sorry for the confusion if I'm causing any.

Have you alread tried this without luck, or are you just getting ready to roll this out?

Jeff
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 2

Expert Comment

by:danielwpc
ID: 12255186
I am not sure what exactly you are doing, why you have to go from A to B to C not A to C? Anyway, one thing I can suggest is use terminal service in B and than A can access to B through terminal service client and once you get in to B than use the local computer in B to access network C.
0
 
LVL 2

Accepted Solution

by:
Seamless-IT earned 1500 total points
ID: 12255990
Say the inside address of the concentrator is 192.168.1.1/24 & the outside address of the 1710 is 192.168.1.2/24. I think this is what your describing. If so, then you also have the pool addresses that are being handed out to the VPN clients will say 192.168.200.0/24 & the internal network behind the 1710 will call this 192.168.50.0/24.

Put a static route in the concentrator stating any traffic going to 192.168.50.0/24 use 192.168.1.2.

Put a static route in the 1710 stating any traffic going to 192.168.200.0/24 use 192.168.1.1

This should work unless your missing something. Is the default gateway of office1 the concentrator or is there another router involved?
0
 

Author Comment

by:MCHDMISDEPT
ID: 12261829
Jeff-
     Yes when the home user connects to the concentrator they will recieve an IP from the office1 network.  Office1 have routes setup in it that allow communication between the two vlans that are being used.  i.e.(when home user connects to concentrator they will recieve a 172.16.0.x/24 address...these will communicate with the 1710 routers who's PUB int is 172.17.1.x/24...each 1710 router is setup as a DHCP server handing 192.160.0.x/24 addresses out)


0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question