Remote Desktop Access or VNC behind corporate firewall
Hello I am IT manager and providing consultancy to many clients is there any way I can have Remote Desktop Access or VNC or a VPN solution behind a corporate firewall
ASKER
hello Rob
thanks for your help i think I will need uvnc solution. But I am having trouble installing the singleclick
I have installed uvnc on my computer and have downloaded cutom.zip from singleclick website. Not sure what to do next
thanks for your help i think I will need uvnc solution. But I am having trouble installing the singleclick
I have installed uvnc on my computer and have downloaded cutom.zip from singleclick website. Not sure what to do next
saleemz, there are several steps to this. Rather than typing it all out have a look at the Single Click Forum, they have a lot of useful information and tips.
http://forum.ultravnc.info/viewforum.php?f=15&sid=262a9aa55a4ad26da7e91e749f6fcc22
In particular, very good set up document here:
http://freehost04.websamba.com/duckware/doc/Ultravncscrouterstepbystep.pdf
Let us know how you make out. Glad to help out if you are stuck.
--Rob
http://forum.ultravnc.info/viewforum.php?f=15&sid=262a9aa55a4ad26da7e91e749f6fcc22
In particular, very good set up document here:
http://freehost04.websamba.com/duckware/doc/Ultravncscrouterstepbystep.pdf
Let us know how you make out. Glad to help out if you are stuck.
--Rob
ASKER
Hi Rob
I have followed the instructions of UVNC pdf you suggested. The problem is as I am behind the corporate firewall I dont have access to the router.
Although I have a static IP addresss. Is there anyway I can run UVNC. Can I send the my custom.zip file
I have followed the instructions of UVNC pdf you suggested. The problem is as I am behind the corporate firewall I dont have access to the router.
Although I have a static IP addresss. Is there anyway I can run UVNC. Can I send the my custom.zip file
If you cannot control your own firewall you are out of luck. I'm afraid it won't work, you need to be able to forward the VNC traffic your your PC.
The concept is the program is designed for support personnel. As a rule they can control the firewall or part of team that can.
The concept is the program is designed for support personnel. As a rule they can control the firewall or part of team that can.
ASKER
Thanks Rob for your help
I will try to contact the ISP and Firewall people. Can you please let me know what do i have to explain to them.eg what ports to open, or where to forward the traffic.
Sorry for being a pain.
I will try to contact the ISP and Firewall people. Can you please let me know what do i have to explain to them.eg what ports to open, or where to forward the traffic.
Sorry for being a pain.
Not a pain at all. Glad to help.
All you need is to have the firewall/router configured to forward port 5500 TCP traffic to the PC you wish to use for accessing the client machines, likely your computer.
All you need is to have the firewall/router configured to forward port 5500 TCP traffic to the PC you wish to use for accessing the client machines, likely your computer.
ASKER
Hi Rob
I sent this email to IT support
As discussed I am installing UltraVNC on my computer, to provide IT support to staff onsite (Kwinana, Bassendean etc). To set up UltraVNC I need is to have the firewall/router configured to forward port 5500 TCP traffic to one of my 2 PCs
I have two PCs
1) 192.168.147.1 - connected
2) 203.215.139.210 (Static IP)
--------------------------
AND THERE RESPONSE WAS THIS
We dont actually do any port forwarding. For you to access PCs via VNC he will need to do it to his computer with the public address and access VNC on that address.
--------------------------
What do u think I should do now?
I sent this email to IT support
As discussed I am installing UltraVNC on my computer, to provide IT support to staff onsite (Kwinana, Bassendean etc). To set up UltraVNC I need is to have the firewall/router configured to forward port 5500 TCP traffic to one of my 2 PCs
I have two PCs
1) 192.168.147.1 - connected
2) 203.215.139.210 (Static IP)
--------------------------
AND THERE RESPONSE WAS THIS
We dont actually do any port forwarding. For you to access PCs via VNC he will need to do it to his computer with the public address and access VNC on that address.
--------------------------
What do u think I should do now?
You would have to explain that this is a "special" version of VNC. Your IT folk are quite right in that all "normal" versions of VNC, would require as they stated; "he will need to do it to his computer".
Normally, on your end you initiate the connection so it is out-going from your site. Most firewalls allow all outgoing connections without any modifications. The fact that it would then be incoming on the remote site means that they need to create a forwarding rule on their router/PC. VNC has been around for a long time, with a multitude of "flavors", and this is the way it has always been.
However, with SingleClick, a "special" version of VNC, the client initiates the connection with the file you send them. Thus it is an outgoing connection for the client and there is no need for them to modify their router as a result. This is the beauty of SingleClick. But, it is an incoming connection for you, so your end requires port forwarding.
Having said that, it is up to your IT department as to whether they wish to allow this. Any time you forward a port, though not a huge security risk, there are risks. Kind of like putting a locked door in a concrete wall. Still secure, but not as much so as before the door was installed and it was solid concrete.
I see you have 1 PC with a public/static IP 203.215.x.x Have you tried using that PC and IP to configure SingleClick. Depending how it is firewalled you might not need modifications.
Normally, on your end you initiate the connection so it is out-going from your site. Most firewalls allow all outgoing connections without any modifications. The fact that it would then be incoming on the remote site means that they need to create a forwarding rule on their router/PC. VNC has been around for a long time, with a multitude of "flavors", and this is the way it has always been.
However, with SingleClick, a "special" version of VNC, the client initiates the connection with the file you send them. Thus it is an outgoing connection for the client and there is no need for them to modify their router as a result. This is the beauty of SingleClick. But, it is an incoming connection for you, so your end requires port forwarding.
Having said that, it is up to your IT department as to whether they wish to allow this. Any time you forward a port, though not a huge security risk, there are risks. Kind of like putting a locked door in a concrete wall. Still secure, but not as much so as before the door was installed and it was solid concrete.
I see you have 1 PC with a public/static IP 203.215.x.x Have you tried using that PC and IP to configure SingleClick. Depending how it is firewalled you might not need modifications.
ASKER
Hi Rob I will try to install it on my static IP do u think it will work. I manage the firewall on it so it should be ok what do u think?
A router performs NAT (Network Address Translation) so you need to forward incoming traffic to the appropriate PC. If you have a static IP all traffic should be coming directly to your PC, however assume there is some sort of firewall in place protecting the PC. I would think simply adjusting your firewall for TCP port 5500 to allow traffic. Again if you have IT staff responsible for managing your network perimeter you should have their approval first.
ASKER
I am managing the static IP using windows firewall. I will try to open the port. Do you have a link on how to do it using windows firewall
If it is the windows firewall go to:
control panel | windows firewall | exceptions | add a port | Name it SC VNC, or similar, check TCP and enter port 5500 | click on change scope, and check "any computer" | and save.
control panel | windows firewall | exceptions | add a port | Name it SC VNC, or similar, check TCP and enter port 5500 | click on change scope, and check "any computer" | and save.
ASKER
Hi Rob.
My firewall is saying "for your security some settings are controlled by group policy". I have static IP address. I am logged in as Administrator.
If that doenst work should i try wireless broadband
My firewall is saying "for your security some settings are controlled by group policy". I have static IP address. I am logged in as Administrator.
If that doenst work should i try wireless broadband
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
http://www.logmein.com
Another option is UltraVNC with their "Single Click" option. With this configuration you create a custom little file, less than 200kb, which you make available to, or e-mail to, your clients. It contains your site IP information, your custom company logo, if you like, and if you wish an expiry date. The client clicks on the file and it starts a connection which you click on the notification to approve. You can then take control of the remote machine to service or train the remote user. Nothing is installed on the client machine, and once closed you cannot connect again, until the user clicks on the file. If you want to be able to initiate the session at any time without user intervention, this is not a good option, but clients like it as it gives them the security of knowing you have to be "invited". No firewall reconfiguration at the client site is necessary, and the application/s are free.
http://www.uvnc.com/addons/singleclick.html
http://www.uvnc.com