MCHDMISDEPT
asked on
Remote access
The goal of this project is to provide remote access from 1 point to another
Need to establish a remote connection from "A" to "B" then to "C"
A = Home
B = Office1
C = Office2
Home will have ISP connection, I will provide VPN into office1...how do I then get to office2?
Office1 will have Cisco Concentrator 3000
office2 will have Cisco 1710 router
Please advise.
Need to establish a remote connection from "A" to "B" then to "C"
A = Home
B = Office1
C = Office2
Home will have ISP connection, I will provide VPN into office1...how do I then get to office2?
Office1 will have Cisco Concentrator 3000
office2 will have Cisco 1710 router
Please advise.
ASKER
A little different and complex:
Home user will come from their ISP...the goal is the get home user to connect to office2. Office2 public INT is an IP from the office1 network.
so, we have: User with ISP, they VPN into office1 via Cisco conentrator (by the way, the concentrator is on the same network as office2 router public INT)...then we need to go from office1 to office2 (office2 has 1710 router) (the access-lists you gave me are going to be used on the 1710 router at office2)
Thanks.
Home user will come from their ISP...the goal is the get home user to connect to office2. Office2 public INT is an IP from the office1 network.
so, we have: User with ISP, they VPN into office1 via Cisco conentrator (by the way, the concentrator is on the same network as office2 router public INT)...then we need to go from office1 to office2 (office2 has 1710 router) (the access-lists you gave me are going to be used on the 1710 router at office2)
Thanks.
So if you get a successful VPN connection through the Cisco concentrator, you should just be able to open up something from office2, assuming the routes are built properly.
I'm not familiar with the Cisco VPN client so I'm not sure how it works. When you connect in, does it assign you an IP address on the office1 network? I know Checkpoint refers to this as "Office mode". The Microsoft VPN client works this way as well. If you do get an IP address on the network, then you should be able to launch your software, whatever it may be, and attempt to connect to an IP address on the office2 network. Have you configured the Cisco 3000 to have the office2 subnet as part of the VPN domain? I'm probably not using the correct "Cisco" terms for this, so sorry for the confusion if I'm causing any.
Have you alread tried this without luck, or are you just getting ready to roll this out?
Jeff
I'm not familiar with the Cisco VPN client so I'm not sure how it works. When you connect in, does it assign you an IP address on the office1 network? I know Checkpoint refers to this as "Office mode". The Microsoft VPN client works this way as well. If you do get an IP address on the network, then you should be able to launch your software, whatever it may be, and attempt to connect to an IP address on the office2 network. Have you configured the Cisco 3000 to have the office2 subnet as part of the VPN domain? I'm probably not using the correct "Cisco" terms for this, so sorry for the confusion if I'm causing any.
Have you alread tried this without luck, or are you just getting ready to roll this out?
Jeff
I am not sure what exactly you are doing, why you have to go from A to B to C not A to C? Anyway, one thing I can suggest is use terminal service in B and than A can access to B through terminal service client and once you get in to B than use the local computer in B to access network C.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Jeff-
Yes when the home user connects to the concentrator they will recieve an IP from the office1 network. Office1 have routes setup in it that allow communication between the two vlans that are being used. i.e.(when home user connects to concentrator they will recieve a 172.16.0.x/24 address...these will communicate with the 1710 routers who's PUB int is 172.17.1.x/24...each 1710 router is setup as a DHCP server handing 192.160.0.x/24 addresses out)
Yes when the home user connects to the concentrator they will recieve an IP from the office1 network. Office1 have routes setup in it that allow communication between the two vlans that are being used. i.e.(when home user connects to concentrator they will recieve a 172.16.0.x/24 address...these will communicate with the 1710 routers who's PUB int is 172.17.1.x/24...each 1710 router is setup as a DHCP server handing 192.160.0.x/24 addresses out)
Lets say you just wanted to be able to remotely control the desktops. Lets assume we're working with XP machines.
You could, from home, use the Remote Desktop Connection program to connect in to your XP machine in Office1. Since you have a VPN you shouldn't need to fiddle with the ports. All you need to do is set up the remote access on the XP machine in Office1. To enable it, launch the Control Panel and open System. Click on the Remote tab and then select the "Allow users to connect..." option in the Remote Desktop box. You can also configure which users have access, as needed.
I'm am also assuming that the Office2 network is not directly available to Home (maybe it is across a frame network inside Office1?) Once you have your connection to Office1, you need to remotely control a PC in Office2. I'm not sure Remote Desktop Connection will let you make another connection while you are already remote. If you can do this, all you would need to do is set up the PC in Office2 to allow the connection and then open up port 3389/tcp on the router for the PC in Office1.
Am I on the right track, or is your question totally different?
Jeff