Solved

Remote Desktop Access or VNC behind corporate firewall

Posted on 2007-03-28
Last Modified: 2013-11-30
Hello, I am an IT manager and provide consultancy to many clients. Is there any way I can have Remote Desktop Access or VNC or a VPN solution behind a corporate firewall?
Question by:saleemz
17 Comments
 

Expert Comment

by:Rob Williams
You can set up both but you need to reconfigure the firewall. A couple of options that do not require changes at the client site are a 3rd party tool Log Me In:
http://www.logmein.com

Another option is UltraVNC with their "Single Click" option. With this configuration you create a custom little file, less than 200kb, which you make available to, or e-mail to, your clients. It contains your site IP information, your custom company logo, if you like, and if you wish an expiry date. The client clicks on the file and it starts a connection which you click on the notification to approve. You can then take control of the remote machine to service or train the remote user. Nothing is installed on the client machine, and once closed you cannot connect again, until the user clicks on the file. If you want to be able to initiate the session at any time without user intervention, this is not a good option, but clients like it as it gives them the security of knowing you have to be "invited". No firewall reconfiguration at the client site is necessary, and the application/s are free.
http://www.uvnc.com/addons/singleclick.html
http://www.uvnc.com

Author Comment

by:saleemz
Hello Rob,
Thanks for your help. I think I will need the UVNC solution, but I am having trouble installing SingleClick.
I have installed UVNC on my computer and have downloaded custom.zip from the SingleClick website. Not sure what to do next.

Expert Comment

by:Rob Williams
saleemz, there are several steps to this. Rather than typing it all out have a look at the Single Click Forum, they have a lot of useful information and tips.
http://forum.ultravnc.info/viewforum.php?f=15&sid=262a9aa55a4ad26da7e91e749f6fcc22
In particular, very good set up document here:
http://freehost04.websamba.com/duckware/doc/Ultravncscrouterstepbystep.pdf
Let us know how you make out. Glad to help out if you are stuck.
--Rob

Author Comment

by:saleemz
Hi Rob,
I have followed the instructions of the UVNC PDF you suggested. The problem is, as I am behind the corporate firewall, I don't have access to the router.
Although I have a static IP address. Is there any way I can run UVNC? Can I send my custom.zip file?

Expert Comment

by:Rob Williams
If you cannot control your own firewall you are out of luck. I'm afraid it won't work; you need to be able to forward the VNC traffic to your PC.
The concept is that the program is designed for support personnel. As a rule they can control the firewall or are part of a team that can.

Author Comment

by:saleemz
Thanks Rob for your help.
I will try to contact the ISP and firewall people. Can you please let me know what I have to explain to them, e.g. what ports to open, or where to forward the traffic?
Sorry for being a pain.

Expert Comment

by:Rob Williams
Not a pain at all. Glad to help.
All you need is to have the firewall/router configured to forward port 5500 TCP traffic to the PC you wish to use for accessing the client machines, likely your computer.

Author Comment

by:saleemz
Hi Rob,
I sent this email to IT support:
As discussed I am installing UltraVNC on my computer, to provide IT support to staff onsite (Kwinana, Bassendean etc). To set up UltraVNC I need to have the firewall/router configured to forward port 5500 TCP traffic to one of my 2 PCs.

I have two PCs:
1) 192.168.147.1 - connected
2) 203.215.139.210 (Static IP)
---------------------------------------------------------------------------------------------------------------------
AND THEIR RESPONSE WAS THIS

We don't actually do any port forwarding. For you to access PCs via VNC he will need to do it to his computer with the public address and access VNC on that address.

--------------------------------------------------------------------------------------------------------------------
What do you think I should do now?

Expert Comment

by:Rob Williams
You would have to explain that this is a "special" version of VNC. Your IT folk are quite right in that all "normal" versions of VNC, would require as they stated; "he will need to do it to his computer".
Normally, on your end you initiate the connection so it is out-going from your site. Most firewalls allow all outgoing connections without any modifications. The fact that it would then be incoming on the remote site means that they need to create a forwarding rule on their router/PC. VNC has been around for a long time, with a multitude of "flavors", and this is the way it has always been.

However, with SingleClick, a "special" version of VNC, the client initiates the connection with the file you send them. Thus it is an outgoing connection for the client and there is no need for them to modify their router as a result. This is the beauty of SingleClick. But, it is an incoming connection for you, so your end requires port forwarding.
Having said that, it is up to your IT department as to whether they wish to allow this. Any time you forward a port, though not a huge security risk, there are risks. Kind of like putting a locked door in a concrete wall. Still secure, but not as much so as before the door was installed and it was solid concrete.

I see you have 1 PC with a public/static IP 203.215.x.x. Have you tried using that PC and IP to configure SingleClick? Depending how it is firewalled you might not need modifications.

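The connection direction described in the answer above, as an added example that is not part of the original thread: the support PC is the TCP listener (the end that needs the inbound port) and the client PC only dials out. The loopback addresses, the free-port choice and the source allowlist are assumptions made for the demo; the allowlist shows the same idea as a firewall scope narrower than "any computer".

```python
import ipaddress
import socket
import threading

def source_allowed(peer_ip, allowed_cidrs):
    """True if peer_ip falls inside one of the allowed networks."""
    ip = ipaddress.ip_address(peer_ip)
    return any(ip in ipaddress.ip_network(c) for c in allowed_cidrs)

def _support_side(listener, allowed_cidrs, result):
    # Support PC: the end that receives the connection, so the end whose
    # firewall/router must admit the inbound port.
    conn, (peer_ip, _port) = listener.accept()
    with conn:
        if source_allowed(peer_ip, allowed_cidrs):
            result["accepted_from"] = peer_ip
            conn.sendall(b"OK\n")
        else:
            result["rejected_from"] = peer_ip  # closed without a reply

def reverse_connect_demo(allowed_cidrs):
    """Run one client-initiated session over loopback and report both ends."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # The thread uses TCP 5500; port 0 (any free port) keeps the demo runnable.
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    result = {}
    worker = threading.Thread(target=_support_side,
                              args=(listener, allowed_cidrs, result))
    worker.start()
    # Client PC: dials out, which needs no inbound rule on the client's firewall.
    with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
        try:
            result["client_reply"] = client.recv(16)
        except ConnectionResetError:
            result["client_reply"] = b""
    worker.join()
    listener.close()
    return result

if __name__ == "__main__":
    # Constructed sample scopes: loopback allowed, then a documentation range only.
    print(reverse_connect_demo(["127.0.0.0/8"]))
    print(reverse_connect_demo(["203.0.113.0/24"]))
```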
 

Author Comment

by:saleemz
Hi Rob, I will try to install it on my static IP. Do you think it will work? I manage the firewall on it so it should be OK. What do you think?

Expert Comment

by:Rob Williams
A router performs NAT (Network Address Translation) so you need to forward incoming traffic to the appropriate PC. If you have a static IP all traffic should be coming directly to your PC; however, I assume there is some sort of firewall in place protecting the PC. I would think it is simply a matter of adjusting your firewall for TCP port 5500 to allow traffic. Again, if you have IT staff responsible for managing your network perimeter you should have their approval first.

Author Comment

by:saleemz
I am managing the static IP using Windows Firewall. I will try to open the port. Do you have a link on how to do it using Windows Firewall?

Expert Comment

by:Rob Williams
If it is the windows firewall go to:
control panel | windows firewall | exceptions | add a port | Name it SC VNC, or similar, check TCP and enter port 5500 | click on change scope, and check "any computer"  | and save.

Author Comment

by:saleemz
Hi Rob.
My firewall is saying "for your security some settings are controlled by group policy". I have static IP address. I am logged in as Administrator.

If that doesn't work, should I try wireless broadband?

Accepted Solution

by:
Rob Williams earned 500 total points
Then Group Policy for the company has control of the firewall and you cannot create a firewall exception. Whoever manages the domain controllers would have to manage that.
Wireless is fine as well, but again you need to enable port forwarding on the wireless router.
Perhaps a service like  http://www.logmein.com would be better in your case where it is difficult to configure either router.