Solved

Got VPN going with Watchguard--how to Remote Desktop??

Posted on 2006-07-08
Last Modified: 2008-01-09
Hi all, here's my office setup: Watchguard X5 router, which connects several workstations to a Windows 2000 Server. The Watchguard connects to a Bellsouth DSL modem with a fixed IP address. To access from home, I managed to get a Mobile User VPN going, and can ping the router. Now the main goal is to be able to do a remote desktop so I can run our office program/s from home....but can't do; I'm not able to do a remote desktop on any of the office PCs.

I've searched all over the Internet including Watchguard's site, and can't find an answer. Watchguard says it's to do with setting up WINS and DNS and such but they give no useful examples or info. But I know there's *got* to be a way!!!

It would be so grand to be able to do this. Since I have a static IP at the office, I found that I could do a direct remote desktop, as long as I configured the router to do so. However, I consider that to be a security issue so I decided not to keep that open.

Thanks very much.
Raja
0
Question by:rajabhat
 

Author Comment

by:rajabhat
ID: 17069016
OK guys, I've found the answer myself since I posted the above question. My home Router, a Linksys, has an IP of 192.168.2.1 and my office Watchguard router had the SAME IP address!! So today I changed the home one to 192.168.3.1 and voila, Remote Desktop works like a charm!

I might comment also, that I'm glad I took all those hours to use a VPN tunnel to do remote desktop, because leaving my office system open to remote desktop is probably fraught with security risks. So much safer to create a VPN tunnel and do remote desktop through it.

Raja
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17086475
Glad to hear you were able to resolve it, Raja. VPNs require different subnets at either end of the tunnel in order for routing to function properly. Much better to have the VPN running than a direct Remote Desktop connection. Not only is it more secure, but you don't need custom port configuration for each computer to which you want to connect; you can simply use their local IP.
Were you able to get name resolution working OK as well?
0
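
The subnet requirement described above can be checked before a tunnel is brought up. The following is an added example, not part of the original thread: it reports overlapping ranges on the two sides and proposes a replacement home subnet. The /24 masks, the list of common defaults and the function names are assumptions.

```python
import ipaddress

# Assumption: factory-default LANs on many consumer routers, skipped when
# proposing a replacement so the new range is less likely to collide later.
COMMON_DEFAULTS = ["192.168.0.0/24", "192.168.1.0/24"]


def networks(interfaces):
    """Map 'address/prefix' strings to the networks they belong to."""
    return [ipaddress.ip_interface(i).network for i in interfaces]


def find_conflicts(local_ifaces, remote_ifaces):
    """Return every (local, remote) network pair whose ranges overlap."""
    return [(loc, rem)
            for loc in networks(local_ifaces)
            for rem in networks(remote_ifaces)
            if loc.overlaps(rem)]


def suggest_home_subnet(remote_ifaces, pool="192.168.0.0/16", prefix=24):
    """First subnet in the pool that clears the remote side and the defaults."""
    taken = networks(remote_ifaces) + [ipaddress.ip_network(n) for n in COMMON_DEFAULTS]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefix):
        if not any(candidate.overlaps(t) for t in taken):
            return candidate
    return None


if __name__ == "__main__":
    # Router addresses from the thread; the /24 mask is an assumption.
    home, office = ["192.168.2.1/24"], ["192.168.2.1/24"]
    for loc, rem in find_conflicts(home, office):
        print(f"conflict: home {loc} overlaps office {rem}")
    print("renumber home LAN to:", suggest_home_subnet(office))
    # A wider home mask still collides with a narrower office range.
    print(find_conflicts(["10.0.0.1/8"], ["10.1.2.1/24"]))
```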
 

Author Comment

by:rajabhat
ID: 17086769
Hi RobWill,
As to name resolution, that's another matter altogether. I've tried reading anything I can find, but I just can't figure out how to map the office network drives from home. The Watchguard router has a place to enter the WINS of the server, but I have not tried it... I'm not sure that's the answer.
Raja
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 17087196
Raja, the reason I had asked about name resolution is it is a common problem with VPNs. NetBIOS names are not as a rule broadcast over a VPN so you need to look to other solutions. I am not familiar with the X5s but have used numerous SOHO Watchguards. On these units you can configure WINS and DNS servers but only for site to site (hardware to hardware) tunnels. If you can configure DNS or WINS for the MUVPN clients on the X5, great, but if not, have a look at the list I have compiled below for means to connect to remote devices over a VPN. You can also, in the VPN client in the security policy editor, on the "my identity" page of your policy, choose "preferred" for the Virtual adapter. When you do so it will cause the SafeNet adapter to show up under the Windows connection window. Here you can add DNS servers and WINS servers under the TCP/IP properties for the virtual network adapter.
Consider that and the options below and advise if you need a hand.
--Rob

1) Use the IP address (of the computer you are connecting to) when connecting to devices, such as \\123.123.123.123\ShareName, or map a drive at a command prompt using:
 Net Use U: \\123.123.123.123\ShareName
2) An option is to use the LMHosts file, which creates a table of IPs and computer names. LMHosts is located in the Windows directory under c:\Windows (or WINNT)\System32\Drivers\Etc\LMHosts.sam; instructions are included within the file. Any line starting with # is just a comment and is ignored. Open the file with Notepad and add entries for your computers as below:
 192.168.0.101      CompName       #PRE
Hit enter when each line is complete (important), then save the file without a file extension. To be sure there is no extension, when saving enclose the name in quotations like "LMHosts". Now when you try to connect to a computer name it should find it, as it will search the LMHosts file for the record before connecting.
More details regarding LMHosts file:
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfd_lmh_QXQQ.asp
The drawback of the LMHosts file is you have to maintain a static list of computer names and IP addresses. Also, if the remote end uses DHCP assigned IPs it is not a feasible option. Thus in order to be able to use computer names dynamically, try to enable with some of the following options:
3) If you have a WINS server, add that to the network card's configuration.
4) Also under the WINS configuration on the network adapter, make sure NetBIOS over TCP/IP is selected.
5) Try adding the remote DNS server to your local DNS servers in your network card's TCP/IP configuration.
6) Verify your router does not have a "block NetBIOS broadcast" option enabled.
7) Test if you can connect with the full computer and domain name as \\ComputerName.domain.local. If so, add the suffix DomainName.local to the DNS configuration of the virtual private adapter/connection [ right click virtual adapter | properties | TCP/IP properties | Advanced | DNS | "Append these DNS suffixes (in order)" | Add ]
0
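
Because an LMHosts file is a static name-to-address mapping, a stale or mistyped entry sends file-share connections to whichever host holds that address. The following is an added example, not part of the original answer: it audits LMHosts text for the points raised in option 2. The office range 192.168.2.0/24, the sample entries and the function name are assumptions.

```python
import ipaddress

# Constructed sample; the final line deliberately lacks a trailing newline.
SAMPLE = (
    "# office machines reached over the VPN (constructed sample)\n"
    "192.168.2.10   SERVER01              #PRE\n"
    "192.168.2.11   ACCOUNTS-PC           #PRE\n"
    "192.168.3.50   HOMEPC                #PRE\n"
    "192.168.2.300  BADADDR               #PRE\n"
    "192.168.2.12   RECEPTION-DESKTOP-01  #PRE\n"
    "192.168.2.99   server01              #PRE"
)


def audit_lmhosts(text, office_net):
    """Return a list of (line_number, problem) for LMHosts file content."""
    net = ipaddress.ip_network(office_net)
    problems, seen = [], {}
    lines = text.splitlines()
    for no, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, comment, or a directive such as #INCLUDE
        entry, _, _tags = line.partition("#")  # tags like #PRE follow the name
        fields = entry.split()
        if len(fields) < 2:
            problems.append((no, "expected '<IP> <name>'"))
            continue
        addr, name = fields[0], fields[1]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append((no, f"invalid IP address {addr!r}"))
            continue
        if ip not in net:
            problems.append((no, f"{ip} is outside {net}"))
        if len(name) > 15:  # NetBIOS names hold at most 15 characters
            problems.append((no, f"NetBIOS name {name!r} exceeds 15 characters"))
        prior = seen.setdefault(name.upper(), ip)  # names are case-insensitive
        if prior != ip:
            problems.append((no, f"{name} already mapped to {prior}"))
    if text and not text.endswith(("\n", "\r")):
        problems.append((len(lines), "file does not end with a newline"))
    return problems


if __name__ == "__main__":
    for line_no, problem in audit_lmhosts(SAMPLE, "192.168.2.0/24"):
        print(f"line {line_no}: {problem}")
```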
 

Author Comment

by:rajabhat
ID: 17094289
Whew......Rob, I can't thank you enough for your tremendous input!! I've printed out all what you have said, and will work on it this evening. I'll let you know how it goes!!
Raja
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17094575
Very welcome Raja. Good luck with it.
I did notice a typo. One of the lines above should read: "will cause the SafeNet adapter to show up under the Windows NETWORK connections window"
--Rob
0
 

Author Comment

by:rajabhat
ID: 17096165
Hi Rob,
I've carefully gone over what you described above. It's been a long, long time since DOS so I don't remember much of UNC and doing this through command prompts. Well, since remote desktop works, I'm quite happy with that, and that's mainly what I need to do by remote anyhow. And I'm beginning to feel I've not got much to gain by using command prompts. So I guess I'll let sleeping dogs lie! I'm going to click on "accept" your long answer, though, because it really attempts to get to the root of what I was trying to do.
Thanks,
Raja
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 17096238
Thanks Raja, perhaps it will be useful in the future.
Simple way, if you should want to use names, is option #2, LMHosts file. But I must say I usually just use IPs myself.
Cheers,
--Rob
0
