How to access Lan from remote without opening ports in firewall

Posted on 2006-10-19
Last Modified: 2010-03-17
Hi,  This is a general question, and I hope it is in the correct area.  

I am looking for a software/hardware product that will allow my remote site and some remote users to access my Lan without having to use VPN technology which requires opening ports in the firewall.  I have a basic NAT firewall and wanted to know if there is a product that could send packets past the firewall without opening ports.

Has anyone heard of such an animal?  I am starting to look at UPnP, so any insight into that would be helpful


Question by:mstefani
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
  • +2
LVL 22

Accepted Solution

p_davis earned 64 total points
ID: 17771048
webex utilizes port 80 -- is the remote site going to at least have an internet connection (cable or dsl)--if so you would not have to open any more ports.--but someone would have to  accept the session and someone would have to start.
LVL 31

Assisted Solution

moorhouselondon earned 62 total points
ID: 17771888

This is a solution where you do not need to open anything on your firewall.  It is a subscription service, but it is very reliable indeed, and fast too.  Only thing you need to remember is to leave the pc switched on overnight.  The only snag is that only one person can control a given pc at any one time.
LVL 20

Assisted Solution

ElrondCT earned 62 total points
ID: 17773618
Note that both WebEx (which I personally use) and GoToMyPC, and I think there are a few other similar systems, aren't connecting directly to the LAN; they're connecting to a specific computer. They take over the computer, and can do anything that the computer can do if operated locally. But that means that no one locally can use the computer to do other things. PCAnywhere operates similarly, except that it's a direct computer-to-computer connection rather than running through a web site. (Since it doesn't require a host web site, the cost is a one-time purchase, rather than a monthly fee.)

I'm not familiar with methods other than VPN that will allow you to connect to the underlying LAN without taking over a PC. That doesn't mean they're not out there, but neither of these options will do it. I do think, however, that anything that is externally initiated would have to open a port in some way. Solutions like WebEx don't require modifying your firewall because they actually run as programs on a local PC, so the firewall sees it as an outgoing connection, not incoming. But I don't know of anything like WebEx that simply operates a background connection to the LAN. That said, WebEx and GoToMyPC both offer file transfer capabilities which run basically in background (someone else can use the PC while the transfer is in process). If you just want to be able to transfer files, those would be sufficient. But if you want to be able to use disks on the LAN like normal disks (you open a remote file using a program on your local PC, and when you save the changes, they're in the original location), that's beyond them.
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!


Author Comment

ID: 17774456
Thanks for the input so far.

Clarification:  I am thinking of something, like a device, that sits on my remote office lan, and a device that sits on my local lan and they communicate traffic back and forth without having to open a port in the firewall.  This would be like a vpn but without having to worry about a hacker intruding on a vulnerability in the firewall.  The vpn hardware would be behind the firewall.

Am I just dreaming that anything like this could/does exist?  I am trying to be overly secure with this wan.
LVL 22

Expert Comment

ID: 17774898
why not just do a dedicated t1 (if you can afford)can't get much more secure than that
LVL 31

Expert Comment

ID: 17775190
There are a few companies that offer Backup services that use this kind of technique.

Author Comment

ID: 18107744
Update:  A user in another section of this site suggested Hamachi.  It looks like the ticket.  Thought I would let you know.
LVL 27

Assisted Solution

pseudocyber earned 62 total points
ID: 18406896
... or an SSL VPN.  There are devices which are VPN concentrators that use SSL instead of IPSEC.  Since 443 is usually open in a firewall, there usually isn't any further firewall configuration that needs to be done.

Take a look at the Cisco ASA.

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question