How do I access computers inside network using zywall 2 vpn router

I have a Zywall 2 VPN router that connects my internal network to the internet. I do not have a server, just 12 w/s. The w/s login to a remote application server which is connected by a VPN tunnel. The tunnel is router to router.

My problem is that 4 users want to connect to the remote server from their houses as well. I have thought of allocating certain w/s in the network to be connected to from the houses using Remote Desktop or TightVNC. However, I can only open one 3389 or 5900 port and forward it to one workstation.

How can I access more than one computer through the router?
cvmanzira (President) Asked:
 
Rick Hobbs (RETIRED) Commented:
The manual gives you step by step starting, I believe, in section 14.18.
 
Erik Bjers (Principal Systems Administrator) Commented:
P.S. You want your remote users to VPN into the network; then they will be part of the network and can access all network resources and control any computer with RDP (Remote Desktop Protocol) enabled.

eb

 
Rick Hobbs (RETIRED) Commented:
If those four users have desktops at the office, you might want to consider logmein.  www.logmein.com  It is a browser based secure client that is free for basic use.  If you just need to run the app, it would be perfect.  If you want to be able to print and such remotely, I believe you have to subscribe to the full client.
 
cvmanzira (President, Author) Commented:
I had downloaded the manual already.

I have configured SUA for testing purposes as follows:

#    active   name   start port   end port   server ip address
--   ------   ----   ----------   --------   -----------------
1    yes      rdt    3389         3389       192.168.31.x
2    yes      vnc    5900         5900       192.168.31.xx


Address Mapping

#    local start ip    local end ip   global start port   global end ip   type
--   ---------------   ------------   -----------------   -------------   ----
1    192.168.31.x      n/a            xx.xxx.xx.xx        n/a             1-1
2    192.168.31.xx     n/a            xx.xxx.xx.xx        n/a             1-1
3    192.168.31.xxx    n/a            xx.xxx.xx.xx        n/a             1-1


I opened firewall settings for TCP and UDP.

When I try to remote in with RDT I have tried xx.xxx.xx.xx.
I also tried xx.xxx.xx.xx:3389 without success.

For TightVNC I tried server address xx.xxx.xx.xx:5900.
I also tried xx.xxx.xx.xx:2, hoping that # 2 is translated at a port.

Any suggestions?

Thanks
 
Erik Bjers (Principal Systems Administrator) Commented:
Forget allowing RDP and VNC; create a VPN. Read section 6.

A VPN will allow your users to connect securely to the network and ACCESS ALL NETWORK RESOURCES. Once they are connected to the VPN they can just go to the internal hosts by internal IP 192.168.31.x.

You already have everything you need for this; it is the most secure way of doing what you want.

eb
 
nttranbao Commented:
Since the question indicates "The w/s login to a remote application server", we should not forget VPN and RDP. Also, the VPN is already set up.

Your modem does not support PORT translate, so in order to remote control 4 PCs, you must adjust the listening port of VNC and RDP on each machine (i.e. 3389 3390 3391 3392; 5900 5901 59020 5903).

On each computer:
1. How to change the listening port in VNC: go to the TightVNC program configuration, then look for something that looks like "Listening port 5900", then alter it.
2. How to change the default RDP port: http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

On your router: open SUA for these ports to exactly 4 computers (i.e. 3389 -> 192.168.31.1, 5900 -> 192.168.31.1; 3390 -> 192.168.31.2, 5901 -> 192.168.31.2 ...)
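Added example, not part of the original thread or any poster's code: a Python sketch of the port plan described in the answer above, which gives each workstation its own RDP and VNC port, flags any port claimed for two different machines, and checks from the LAN that each workstation is listening on its assigned port before the matching SUA rule is added. The function names and the sample addresses are assumptions made for illustration.

```python
import socket
from ipaddress import ip_address

RDP_BASE, VNC_BASE = 3389, 5900  # default listening ports named in the answer


def build_plan(hosts):
    """One forwarding rule per service per workstation.

    The router forwards a port unchanged, so workstation n must itself
    listen on RDP_BASE+n and VNC_BASE+n.
    """
    plan = []
    for n, host in enumerate(hosts):
        ip_address(host)  # ValueError on a malformed address
        plan.append({"name": f"rdp{n + 1}", "port": RDP_BASE + n, "server": host})
        plan.append({"name": f"vnc{n + 1}", "port": VNC_BASE + n, "server": host})
    return plan


def conflicts(plan):
    """Ports claimed by rules for different servers; only one can win."""
    owner, clashes = {}, set()
    for rule in plan:
        first = owner.setdefault(rule["port"], rule["server"])
        if first != rule["server"]:
            clashes.add(rule["port"])
    return sorted(clashes)


def is_listening(host, port, timeout=2.0):
    """True if a TCP connect to host:port succeeds (run this from the LAN)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def unanswered(plan, timeout=2.0):
    """Rules whose workstation is not yet listening on its assigned port."""
    return [r for r in plan if not is_listening(r["server"], r["port"], timeout)]


if __name__ == "__main__":
    # Constructed sample addresses in the thread's 192.168.31.x range.
    plan = build_plan(["192.168.31.1", "192.168.31.2", "192.168.31.3", "192.168.31.4"])
    print("port clashes:", conflicts(plan))
    for rule in unanswered(plan):
        print(f"{rule['name']}: {rule['server']}:{rule['port']} not listening")
```

A rule reported as not listening means the workstation's RDP or VNC port has not been changed yet, or its local firewall still blocks the new port.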
 
cvmanzira (President, Author) Commented:
OK eb, that sounded like a great solution until I tried to create a tunnel. I have tunnel one configured to connect to a remote application server.

I configured vpn 2 as follows:

--------------------------------------------------------------------------------
Active = Yes    Nailed-Up    NAT Traversal

Name                               XXXXXXXXXX
Key Management                     IKE
Negotiation Mode                   Main

--------------------------------------------------------------------------------
Local
  Client to Site                   0.0.0.0
    Local IP Address
  Site to Site
    Address Type                   Range Address / Subnet Address
    Starting IP Address
    Ending IP Address / Subnet Mask

--------------------------------------------------------------------------------
Remote
  Address Type                     Single Address / Range Address / Subnet Address    0.0.0.0
  Starting IP Address
  Ending IP Address / Subnet Mask

--------------------------------------------------------------------------------
Authentication Method
  Pre-Shared Key                   xxxxxxxx

--------------------------------------------------------------------------------
Encapsulation Mode                 Tunnel

--------------------------------------------------------------------------------
ESP
  Encryption Algorithm             DES
  Authentication Algorithm         MD5


On the client side I have created a VPN connection and configured IPSEC according to above settings with a preshared key. I cannot seem to go through the router. I have also tried authentication and created a username and password
 
Erik Bjers (Principal Systems Administrator) Commented:
Unfortunately I am not familiar with VPN setup on your device; you may want to consider contacting the manufacturer for assistance in setting up the VPN.

I will look over the manual and see if I can figure anything out

eb
 
cvmanzira (President, Author) Commented:
I abandoned opening a port and instead bought the Zyxel VPN client, and that worked. For some reason the WinXP VPN refused to connect.

Thanks
 
Rick Hobbs (RETIRED) Commented:
Good to hear. Usually the client made by the manufacturer is the easiest solution. Thanks!
Question has a verified solution.
