Solved

Remote access

Posted on 2004-10-07
Last Modified: 2013-11-21
The goal of this project is to provide remote access from 1 point to another

Need to establish a remote connection from "A" to "B" then to "C"

A = Home

B = Office1

C = Office2

Home will have ISP connection, I will provide VPN into office1...how do I then get to office2?

Office1 will have Cisco Concentrator 3000
office2 will have Cisco 1710 router

Please advise.
0
Question by:MCHDMISDEPT
 
LVL 13

Expert Comment

by:masterbaker
ID: 12253843
Are you trying to set up a VPN between office1 and office2, or can you just open ports on the router?  When you say remote access, what kind of remote access are you talking about?  A better understanding of the network setup might help as well.

Let's say you just wanted to be able to remotely control the desktops.  Let's assume we're working with XP machines.

You could, from home, use the Remote Desktop Connection program to connect in to your XP machine in Office1.  Since you have a VPN you shouldn't need to fiddle with the ports.  All you need to do is set up the remote access on the XP machine in Office1.  To enable it, launch the Control Panel and open System.  Click on the Remote tab and then select the "Allow users to connect..." option in the Remote Desktop box.  You can also configure which users have access, as needed.

I am also assuming that the Office2 network is not directly available to Home (maybe it is across a frame network inside Office1?)  Once you have your connection to Office1, you need to remotely control a PC in Office2.  I'm not sure Remote Desktop Connection will let you make another connection while you are already remote.  If you can do this, all you would need to do is set up the PC in Office2 to allow the connection and then open up port 3389/tcp on the router for the PC in Office1.

Am I on the right track, or is your question totally different?

Jeff
0
 

Author Comment

by:MCHDMISDEPT
ID: 12254248
A little different and complex:

Home user will come from their ISP...the goal is to get home user to connect to office2.  Office2 public INT is an IP from the office1 network.

So, we have:  User with ISP, they VPN into office1 via Cisco concentrator (by the way, the concentrator is on the same network as office2 router public INT)...then we need to go from office1 to office2 (office2 has 1710 router) (the access-lists you gave me are going to be used on the 1710 router at office2)

Thanks.
0
 
LVL 13

Expert Comment

by:masterbaker
ID: 12254307
So if you get a successful VPN connection through the Cisco concentrator, you should just be able to open up something from office2, assuming the routes are built properly.

I'm not familiar with the Cisco VPN client so I'm not sure how it works.  When you connect in, does it assign you an IP address on the office1 network?  I know Checkpoint refers to this as "Office mode".  The Microsoft VPN client works this way as well.  If you do get an IP address on the network, then you should be able to launch your software, whatever it may be, and attempt to connect to an IP address on the office2 network.  Have you configured the Cisco 3000 to have the office2 subnet as part of the VPN domain?  I'm probably not using the correct "Cisco" terms for this, so sorry for the confusion if I'm causing any.

Have you already tried this without luck, or are you just getting ready to roll this out?

Jeff
0
LVL 2

Expert Comment

by:danielwpc
ID: 12255186
I am not sure what exactly you are doing, why you have to go from A to B to C not A to C? Anyway, one thing I can suggest is use terminal service in B and then A can access B through terminal service client and once you get into B then use the local computer in B to access network C.
0
 
LVL 2

Accepted Solution

by:
Seamless-IT earned 500 total points
ID: 12255990
Say the inside address of the concentrator is 192.168.1.1/24 & the outside address of the 1710 is 192.168.1.2/24. I think this is what you're describing. If so, then you also have the pool addresses that are being handed out to the VPN clients, we'll say 192.168.200.0/24, & the internal network behind the 1710, we'll call this 192.168.50.0/24.

Put a static route in the concentrator stating any traffic going to 192.168.50.0/24 use 192.168.1.2.

Put a static route in the 1710 stating any traffic going to 192.168.200.0/24 use 192.168.1.1

This should work unless you're missing something. Is the default gateway of office1 the concentrator or is there another router involved?
0
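The two static routes in the accepted answer only work as a pair: the concentrator needs a forward route to the Office2 LAN and the 1710 needs a return route to the VPN client pool. The following is an added example, not part of the original thread, that models both routing tables with the answer's illustrative addresses and checks the path in each direction; the device names, the sample host addresses and the absence of any default route are assumptions of the model.

```python
import ipaddress

# Illustrative addressing taken from the accepted answer.
TRANSIT = "192.168.1.0/24"        # concentrator inside .1, 1710 outside .2
VPN_POOL = "192.168.200.0/24"     # addresses handed to VPN clients
OFFICE2_LAN = "192.168.50.0/24"   # network behind the 1710
OWNER = {"192.168.1.1": "concentrator", "192.168.1.2": "1710"}

def build_tables(with_return_route=True):
    """Routing tables as {device: [(prefix, next_hop)]}; next_hop None = connected."""
    concentrator = [(TRANSIT, None), (VPN_POOL, None),
                    (OFFICE2_LAN, "192.168.1.2")]      # static route 1
    router_1710 = [(TRANSIT, None), (OFFICE2_LAN, None)]
    if with_return_route:
        router_1710.append((VPN_POOL, "192.168.1.1"))  # static route 2
    return {"concentrator": concentrator, "1710": router_1710}

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(tables, start, dst, max_hops=8):
    """Follow next hops from `start`; return the device path, or None if dropped."""
    path, device = [start], start
    for _ in range(max_hops):
        hit = lookup(tables[device], dst)
        if hit is None:
            return None            # no matching route (model has no default)
        if hit[1] is None:
            return path            # destination is on a connected network
        device = OWNER[hit[1]]
        path.append(device)
    return None                    # routing loop

def round_trip(tables, client, server):
    """True only if the request and the reply both have a working path."""
    return (trace(tables, "concentrator", server) is not None
            and trace(tables, "1710", client) is not None)

if __name__ == "__main__":
    client, server = "192.168.200.10", "192.168.50.20"   # constructed hosts
    print("both routes:", round_trip(build_tables(True), client, server))
    print("no return route:", round_trip(build_tables(False), client, server))
```

If the 1710 instead has a default route pointing at some other gateway, replies to the VPN pool follow that default rather than being dropped, which is why the answer asks whether another router is involved.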
 

Author Comment

by:MCHDMISDEPT
ID: 12261829
Jeff-
     Yes, when the home user connects to the concentrator they will receive an IP from the office1 network.  Office1 has routes set up in it that allow communication between the two VLANs that are being used, i.e. (when home user connects to concentrator they will receive a 172.16.0.x/24 address...these will communicate with the 1710 routers whose PUB int is 172.17.1.x/24...each 1710 router is set up as a DHCP server handing 192.160.0.x/24 addresses out)


0
