Solved

How do I access computers inside network using zywall 2 vpn router

Posted on 2006-07-15
Last Modified: 2013-11-29
I have a Zywall 2 VPN router that connects my internal network to the internet. I do not have a server, just 12 w/s. The w/s login to a remote application server which is connected by a VPN tunnel. The tunnel is router to router.

My problem is that 4 users want to connect to the remote server from their houses as well. I have thought of allocating certain w/s in the network to be connected from the houses using Remote Desktop or TightVNC. However, I can only open one 3389 or 5900 port and forward it to one workstation.

How can I access more than one computer through the router?
0
Question by:cvmanzira
11 Comments
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116143
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17116145
P.S. You want your remote users to VPN into the network; then they will be part of the network and can access all network resources and control any computer with RDP (Remote Desktop Protocol) enabled.

eb
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17116217
If those four users have desktops at the office, you might want to consider logmein.  www.logmein.com  It is a browser based secure client that is free for basic use.  If you just need to run the app, it would be perfect.  If you want to be able to print and such remotely, I believe you have to subscribe to the full client.
0

 

Author Comment

by:cvmanzira
ID: 17116602
I had downloaded the manual already.

I have configured SUA for testing purposes as follows:

#   active  name  start port  end port  server ip address
--  ------  ----  ----------  --------  -----------------
1   yes     rdt   3389        3389      192.168.31.x
2   yes     vnc   5900        5900      192.168.31.xx


Address Mapping

#   Local start ip   local end ip  global start port  global end ip  type
--  ---------------  ------------  -----------------  -------------  ----
1   192.168.31.x     n/a           xx.xxx.xx.xx       n/a            1-1
2   192.168.31.xx    n/a           xx.xxx.xx.xx       n/a            1-1
3   192.168.31.xxx   n/a           xx.xxx.xx.xx       n/a            1-1


I opened firewall settings for TCP and UDP.

When I try to remote in with RDT I have tried xx.xxx.xx.xx
I also tried xx.xxx.xx.xx:3389 without success.

For TightVNC I tried server address xx.xxx.xx.xx:5900
I also tried xx.xxx.xx.xx:2 hoping that # 2 is translated at a port.

Any suggestions?

Thanks
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17117199
Forget allowing RDP and VNC; create a VPN. Read section 6.

A VPN will allow your users to connect securely to the network and ACCESS ALL NETWORK RESOURCES. Once they are connected to the VPN they can just go to the internal hosts by internal IP 192.168.31.x

You already have everything you need for this; it is the most secure way of doing what you want.

eb
0
 
LVL 7

Expert Comment

by:nttranbao
ID: 17117711
Since the question indicates "The w/s login to a remote application server", we should not forget VPN and RDP. Also, the VPN is already set up.

Your modem does not support PORT translate, so in order to remote control 4 PCs, you must adjust the listening port of VNC and RDP on each machine (i.e. 3389 3390 3391 3392 ; 5900 5901 59020 5903).

On each computer:
1. How to change the listening port in VNC: go to the TightVNC program configuration, then look for something like "Listening port 5900", then alter it.
2. How to change the default RDP port: http://support.microsoft.com/default.aspx?scid=kb;en-us;306759

On your router: open SUA for these ports to exactly 4 computers (i.e. 3389 -> 192.168.31.1, 5900 -> 192.168.31.1; 3390 -> 192.168.31.2, 5901 -> 192.168.31.2 ...)
0
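The per-machine port scheme from the answer above, as an added example (not code from any poster in this thread): it flags forwarding rules that collide on the same WAN port, which is the limit the asker hit with a single 3389, and builds a collision-free plan. The host addresses, rule names and the text format of the table are constructed for illustration.

```python
from collections import namedtuple

Rule = namedtuple("Rule", "name start end server")

# Constructed sample table: two rules both claim WAN port 3389.
CONFLICTING_TABLE = """
rdt-a 3389 3389 192.168.31.1
rdt-b 3389 3389 192.168.31.2
vnc-a 5900 5900 192.168.31.1
"""
# Constructed host list for the four home users' workstations.
HOSTS = ["192.168.31.1", "192.168.31.2", "192.168.31.3", "192.168.31.4"]

def parse_rules(text):
    """Parse 'name start_port end_port server_ip' lines into Rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        name, start, end, server = line.split()
        start, end = int(start), int(end)
        if not 0 < start <= end <= 65535:
            raise ValueError(f"bad port range in rule {name!r}")
        rules.append(Rule(name, start, end, server))
    return rules

def find_conflicts(rules):
    """Return name pairs whose port ranges overlap but target different hosts.

    Without port translation the WAN port equals the LAN port, so an
    overlapping range can only ever reach one of the two servers.
    """
    conflicts = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            overlap = a.start <= b.end and b.start <= a.end
            if overlap and a.server != b.server:
                conflicts.append((a.name, b.name))
    return conflicts

def plan_unique_ports(hosts, base_ports):
    """Give each host its own listening port per service: base + host index."""
    rules = []
    for offset, host in enumerate(hosts):
        for service, base in base_ports.items():
            port = base + offset
            rules.append(Rule(f"{service}-{offset + 1}", port, port, host))
    return rules

if __name__ == "__main__":
    print(find_conflicts(parse_rules(CONFLICTING_TABLE)))
    for rule in plan_unique_ports(HOSTS, {"rdp": 3389, "vnc": 5900}):
        print(rule)
```

Each rule in the resulting plan is also a listening port that must be set on the matching workstation before the router entry is added.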
 

Author Comment

by:cvmanzira
ID: 17117788
OK eb, that sounded like a great solution until I tried to create a tunnel. I have tunnel one configured to connect to a remote application server.

I configured vpn 2 as follows:

--------------------------------------------------------------------------------
Active  = Yes    Nailed-Up    NAT Traversal

Name                                 XXXXXXXXXX
Key Management                       IKE
Negotiation Mode                     Main
--------------------------------------------------------------------------------
Local
  Client to Site                     0.0.0.0
    Local IP Address
  Site to Site
    Address Type                     Range Address / Subnet Address
    Starting IP Address
    Ending IP Address / Subnet Mask
--------------------------------------------------------------------------------
Remote
  Address Type                       Single Address / Range Address / Subnet Address    0.0.0.0
  Starting IP Address
  Ending IP Address / Subnet Mask
--------------------------------------------------------------------------------
Authentication Method
  Pre-Shared Key                     xxxxxxxx
--------------------------------------------------------------------------------
Encapsulation Mode                   Tunnel
--------------------------------------------------------------------------------
ESP
  Encryption Algorithm               DES
  Authentication Algorithm           MD5
--------------------------------------------------------------------------------

On the client side I have created a VPN connection and configured IPsec according to the above settings with a pre-shared key. I cannot seem to go through the router. I have also tried authentication and created a username and password.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17118056
Unfortunately I am not familiar with VPN setup on your device; you may want to consider contacting the manufacturer for assistance in setting up the VPN.

I will look over the manual and see if I can figure anything out.

eb
0
 
LVL 22

Accepted Solution

by:
Rick Hobbs earned 500 total points
ID: 17118163
The manual gives you step by step starting, I believe, in section 14.18.
0
 

Author Comment

by:cvmanzira
ID: 17202704
I abandoned opening a port and instead bought the Zyxel VPN client, and that worked. For some reason the WinXP VPN refused to connect.

Thanks
0
 
LVL 22

Expert Comment

by:Rick Hobbs
ID: 17203264
Good to hear.  Usually the client made by the manufacturer is the easiest solution.  Thanks!
0
