Remote Desktop Access or VNC behind corporate firewall

Hello I am IT manager and providing consultancy to many clients is there any way I can have Remote Desktop Access or VNC or a VPN solution behind a corporate firewall
saleemzAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rob WilliamsCommented:
You can set up both but you need to reconfigure the firewall. A couple of options that do not require changes at the client site are a 3rd party tool Log Me In:
http://www.logmein.com

Another option is UltraVNC with their "Single Click" option. With this configuration you create a custom little file, less than 200kb, which you make available to, or e-mail to, your clients. It contains your site IP information, your custom company logo, if you like, and if you wish an expiry date. The client clicks on the file and it starts a connection which you click on the notification to approve. You can then take control of the remote machine to service or train the remote user. Nothing is installed on the client machine, and once closed you cannot connect again, until the user clicks on the file. If you want to be able to initiate the session at any time without user intervention, this is not a good option, but clients like it as it gives them the security of knowing you have to be "invited". No firewall reconfiguration at the client site is necessary, and the application/s are free.
http://www.uvnc.com/addons/singleclick.html
http://www.uvnc.com
0
saleemzAuthor Commented:
hello Rob
thanks for your help i think I will need uvnc solution. But I am having trouble installing the singleclick
I have installed uvnc on my computer and have downloaded cutom.zip from singleclick website. Not sure what to do next
0
Rob WilliamsCommented:
saleemz, there are several steps to this. Rather than typing it all out have a look at the Single Click Forum, they have a lot of useful information and tips.
http://forum.ultravnc.info/viewforum.php?f=15&sid=262a9aa55a4ad26da7e91e749f6fcc22
In particular, very good set up document here:
http://freehost04.websamba.com/duckware/doc/Ultravncscrouterstepbystep.pdf
Let us know how you make out. Glad to help out if you are stuck.
--Rob
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

saleemzAuthor Commented:
Hi Rob
I have followed the instructions of UVNC pdf you suggested. The problem is as I am behind the corporate firewall I dont have access to the router.
Although I have a static IP addresss. Is there anyway I can run UVNC. Can I send the my custom.zip file
0
Rob WilliamsCommented:
If you cannot control your own firewall you are out of luck. I'm afraid it won't work, you need to be able to forward the VNC traffic your your PC.
The concept is the program is designed for support personnel. As a rule they can control the firewall or part of  team that can.
0
saleemzAuthor Commented:
Thanks Rob for your help
I will try to contact the ISP and Firewall people. Can you please let me know what do i have to explain to them.eg what ports to open, or where to forward the traffic.
Sorry for being a pain.
0
Rob WilliamsCommented:
Not a pain at all. Glad to help.
All you need is to have the firewall/router configured to forward port 5500 TCP traffic to the PC you wish to use for accessing the client machines, likely your computer.
0
saleemzAuthor Commented:
Hi Rob
I sent this email to IT support
As discussed I am installing UltraVNC on my computer, to provide IT support to staff onsite (Kwinana, Bassendean etc). To set up UltraVNC I need is to have the firewall/router configured to forward port 5500 TCP traffic to one of my 2 PCs
 
I have two PCs
1) 192.168.147.1 - connected
2) 203.215.139.210 (Static IP)
---------------------------------------------------------------------------------------------------------------------
AND THERE RESPONSE WAS THIS

We dont actually do any port forwarding. For you to access PCs via VNC he will need to do it to his computer with the public address and access VNC on that address.

--------------------------------------------------------------------------------------------------------------------
What do u think I should do now?
0
Rob WilliamsCommented:
You would have to explain that this is a "special" version of VNC. Your IT folk are quite right in that all "normal" versions of VNC, would require as they stated; "he will need to do it to his computer".
Normally, on your end you initiate the connection so it is out-going from your site. Most firewalls allow all outgoing connections without any modifications. The fact that it would then be incoming on the remote site means that they need to create a forwarding rule on their router/PC. VNC has been around for a long time, with a multitude of "flavors", and this is the way it has always been.

However, with SingleClick, a "special" version of VNC, the client initiates the connection with the file you send them. Thus it is an outgoing connection for the client and there is no need for them to modify their router as a result. This is the beauty of SingleClick. But, it is an incoming connection for you, so your end requires port forwarding.
Having said that, it is up to your IT department as to whether they wish to allow this. Any time you forward a port, though not a huge security risk, there are risks. Kind of like putting a locked door in a concrete wall. Still secure, but not as much so as before the door was installed and it was solid concrete.

I see you have 1 PC with a public/static IP 203.215.x.x  Have you tried using that PC and IP to configure SingleClick. Depending how it is firewalled you might not need modifications.

0
saleemzAuthor Commented:
Hi Rob I will try to install it on my static IP do u think it will work. I manage the firewall on it so it should be ok what do u think?
0
Rob WilliamsCommented:
A router performs NAT (Network Address Translation) so you need to forward incoming traffic to the appropriate PC. If you have a static IP all traffic should be coming directly to your PC, however assume there is some sort of firewall in place protecting the PC. I would think simply adjusting your firewall for TCP port 5500 to allow traffic. Again if you have IT staff responsible for managing your network perimeter you should have their approval first.
0
saleemzAuthor Commented:
I am managing the static IP using windows firewall. I will try to open the port. Do you have a link on how to do it using windows firewall
0
Rob WilliamsCommented:
If it is the windows firewall go to:
control panel | windows firewall | exceptions | add a port | Name it SC VNC, or similar, check TCP and enter port 5500 | click on change scope, and check "any computer"  | and save.
0
saleemzAuthor Commented:
Hi Rob.
My firewall is saying "for your security some settings are controlled by group policy". I have static IP address. I am logged in as Administrator.

If that doenst work should i try wireless broadband
0
Rob WilliamsCommented:
Then Group Policy for the company has control of the firewall and you cannot create a firewall exception. Whoever manages the domain controllers would have to manage that.
Wireless is fine as well, but again you need to enable port forwarding on the wireless router.
Perhaps a service like  http://www.logmein.com would be better in your case where it is difficult to configure either router.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.