Solved

How do I access computers inside network using zywall 2 vpn router

Posted on 2006-07-15
11
615 Views
Last Modified: 2013-11-29
I have a Zywall 2 VPN router that connects my internal network to the internet. I do not have a server, just 12 w/s. The w/s login to a remote application server which is connected by a VPN tunnel. The tunnel is router to router.

My problem is that 4 users want to connect to the remote server from their houses as well. I have thought of allocating certain w/s in the network to be connected from the houses using Remote Desktop or TightVNC. However, I can only open one 3389 or 5900 port and forward it to one workstation.

How can I access more than one computer through the router?
0
Question by:cvmanzira
11 Comments
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116143
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116145
P.S. You want your remote users to VPN into the network; then they will be part of the network and can access all network resources and control any computer with RDP (Remote Desktop Protocol) enabled.

eb
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17116217
If those four users have desktops at the office, you might want to consider logmein.  www.logmein.com  It is a browser based secure client that is free for basic use.  If you just need to run the app, it would be perfect.  If you want to be able to print and such remotely, I believe you have to subscribe to the full client.
0
 

Author Comment

by:cvmanzira
ID: 17116602
I had downloaded the manual already

I have configured SUA for testing purposes as follows:

#   active  name  start port  end port  server ip address
--  ------  ----  ----------  --------  -----------------
1   yes     rdt   3389        3389      192.168.31.x
2   yes     vnc   5900        5900      192.168.31.xx


Address Mapping

#   Local start ip   local end ip  global start port  global end ip  type
--  ---------------  ------------  -----------------  -------------  ----
1   192.168.31.x     n/a           xx.xxx.xx.xx       n/a            1-1
2   192.168.31.xx    n/a           xx.xxx.xx.xx       n/a            1-1
3   192.168.31.xxx   n/a           xx.xxx.xx.xx       n/a            1-1


I opened firewall settings for TCP and UDP.

When I try to remote with RDT I have tried xx.xxx.xx.xx
I also tried xx.xxx.xx.xx:3389 without success

For TightVNC I tried server address xx.xxx.xx.xx:5900
I also tried xx.xxx.xx.xx:2 hoping that # 2 is translated at a port

Any suggestions?


thanks
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17117199
Forget allowing RDP and VNC; create a VPN, read section 6.

A VPN will allow your users to connect securely to the network and ACCESS ALL NETWORK RESOURCES. Once they are connected to the VPN they can just go to the internal hosts by internal IP 192.168.31.x

You already have everything you need for this; it is the most secure way of doing what you want.

eb
0

 
LVL 7

Expert Comment

by:nttranbao
ID: 17117711
Since the question indicates "The w/s login to a remote application server", we should not forget VPN and RDP. Also, the VPN is already set up.

Your modem does not support PORT translate, so in order to remote control 4 PCs, you must adjust the listening port of VNC and RDP on each machine (i.e. 3389 3390 3391 3392; 5900 5901 59020 5903).

On each computer:
1. How to change the listening port in VNC: go to the TightVNC program configuration, then look for something that looks like: Listening port 5900, then alter it
2. How to change the default RDP port: http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

On your router: open SUA for these ports to exactly 4 computers (i.e. 3389 -> 192.168.31.1, 5900 -> 192.168.31.1; 3390 -> 192.168.31.2, 5901 -> 192.168.31.2....)
0
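The one-port-per-workstation scheme in the answer above can be checked before it is typed into the router. This is an added example, not part of the original thread: it parses rows laid out like the SUA table posted earlier, reports active rules where the same WAN port points at two different hosts, and builds the offset plan (3389+i, 5900+i). The host addresses, rule names and function names are assumptions made up for the illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample in the column layout of the SUA table posted earlier in
# the thread; host addresses are placeholders, not values from the thread.
SAMPLE_SUA = """\
1 yes rdt-a 3389 3389 192.168.31.11
2 yes rdt-b 3389 3389 192.168.31.12
3 yes vnc-a 5900 5901 192.168.31.11
4 no  vnc-b 5901 5901 192.168.31.12
"""

def parse_sua(text):
    """Parse '# active name start end ip' rows into dicts, validating fields."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        num, active, name, start, end, ip = line.split()
        start, end = int(start), int(end)
        if not (0 < start <= end <= 65535):
            raise ValueError(f"rule {num}: bad port range {start}-{end}")
        rules.append({"num": int(num), "active": active == "yes", "name": name,
                      "ports": (start, end), "ip": ipaddress.ip_address(ip)})
    return rules

def find_conflicts(rules):
    """Return (num_a, num_b) for active rules whose WAN port ranges overlap
    but point at different hosts: one WAN port can reach only one host."""
    live = [r for r in rules if r["active"]]
    return [(a["num"], b["num"]) for a, b in combinations(live, 2)
            if a["ip"] != b["ip"]
            and a["ports"][0] <= b["ports"][1] and b["ports"][0] <= a["ports"][1]]

def allocate(hosts, base_ports=(3389, 5900)):
    """Give the i-th host base+i for each service, as the answer suggests."""
    rules, num = [], 1
    for i, ip in enumerate(hosts):
        for base in base_ports:
            rules.append({"num": num, "active": True, "name": f"svc{base}-{i}",
                          "ports": (base + i, base + i),
                          "ip": ipaddress.ip_address(ip)})
            num += 1
    return rules

if __name__ == "__main__":
    print(find_conflicts(parse_sua(SAMPLE_SUA)))
    plan = allocate(["192.168.31.11", "192.168.31.12"])
    print([(r["ports"][0], str(r["ip"])) for r in plan], find_conflicts(plan))
```

Each workstation must also be set to listen on its allocated port, as steps 1 and 2 of the answer describe, because the plan assumes the router forwards a port unchanged.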
 

Author Comment

by:cvmanzira
ID: 17117788
ok eb that sounded like a great solution until I tried to create a tunnel. I have  tunnel one configured to connect to a remote application server.

I configured vpn 2 as follows:

Active = Yes    Nailed-Up    NAT Traversal

Name                        XXXXXXXXXX
Key Management              IKE
Negotiation Mode            Main

Local
  Client to Site            0.0.0.0
    Local IP Address
  Site to Site
    Address Type            Range Address / Subnet Address
    Starting IP Address
    Ending IP Address / Subnet Mask

Remote
  Address Type              Single Address / Range Address / Subnet Address    0.0.0.0
  Starting IP Address
  Ending IP Address / Subnet Mask

Authentication Method
  Pre-Shared Key            xxxxxxxx

Encapsulation Mode          Tunnel

ESP
  Encryption Algorithm      DES
  Authentication Algorithm  MD5


On the client side I have created a VPN connection and configured IPSEC according to above settings with a preshared key. I cannot seem to go through the router. I have also tried authentication and created a username and password
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17118056
Unfortunately I am not familiar with VPN setup on your device; you may want to consider contacting the manufacturer for assistance in setting up the VPN.

I will look over the manual and see if I can figure anything out

eb
0
 
LVL 22

Accepted Solution

by:
rickhobbs earned 500 total points
ID: 17118163
The manual gives you step by step starting, I believe, in section 14.18.
0
 

Author Comment

by:cvmanzira
ID: 17202704
I abandoned opening a port and instead bought the Zyxel VPN client and that worked; for some reason the WinXP VPN refused to connect.

Thanks
0
 
LVL 22

Expert Comment

by:rickhobbs
ID: 17203264
Good to hear.  Usually the client made by the manufacturer is the easiest solution.  Thanks!
0
