Solved

customer needs 5 employees to have remote access to 1 application on server08 box

Posted on 2009-05-04
7
313 Views
Last Modified: 2012-05-06
My company needs to implement a vpn solution for 5 employees to be able to access a landscaping software remotely.
The customer has a server 08 box
but don't have any domains setup nor do they want it setup exposed to the internet.

I've configured a Mikrotik router to act as a vpn server.
My questions is they don't seem to know if simply having a vpn will allow them access to the program.

Usually they just work onsite and can access the software on the lan.

Please i really need some help. My company doesn't want to have to support and changes to the server box as we didn't implement nor do we maintain it.
0
Comment
Question by:techguy1979
7 Comments
 
LVL 6

Expert Comment

by:jasin00
ID: 24295157
your best bet is to setup terminal server. server 08 is great for that. apps like quickbooks, sage software work best localy. you can make your TS web capale so your users can just open up rdp put in the Ts address and connect. you'll have to get certs of course and if you can I'd set it in a dmz. you can still have them vpn and then use rdp but it'll be a little slow.
0
 

Author Comment

by:techguy1979
ID: 24296373
unfortunately the customer's IT consultant doesn't want anyone to have access to the server directly for fear they may screw something up.
My first proposal to the customer was logmein.com on the server or RDP logmein and rdp isn't acceptable to customer they need 5-6 concurrent sessions and they dont want access to server where the application resides.
I spoke to the software vendor and they say the customer has a shortcut on their laptops when they are working locally they just use the shortcut and can run the software on the server without directly accessing the server how can i replicate this over a vpn connection?
0
 
LVL 2

Expert Comment

by:wvuser1
ID: 24296514
Well I wonder, if they have so overprotective IT consultant, that is so lazy that he better asks for a complicated tech than just create a pair of new users with customized rights (if he/she is so concerned about the evil that resides in people that work for this business..) for RDP session, if you should ask for appropirate final money, because this is then a request to engineer a new software..

(that would be: you would research the packets programm is sending when launched in LAN (by that shortcut you mentioned, and then write a programm to simulate them)

Still I would propose to follow jasin00's advice he just gave and to set up TS server.. and please read carefully about remoteApp

http://technet.microsoft.com/en-us/library/cc753844.aspx

(there about .rds files that an user could percieve just as another shortcut)
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 6

Expert Comment

by:jasin00
ID: 24297601
it would help if you listed the application in question.  maybe they have a stand alone installation they work with that syncs to a db once they touch the home network. How users can use an application without actually using it is a new one on me.
0
 

Author Comment

by:techguy1979
ID: 24304973
jasin
I spoke to the software vendor the software in question is called landpro
it is a software setup for landscaping businesses.
The software vendor said theres a database that resides on the server and the client laptops all have a shortcut on their laptop desktops. My concern is usually stuff of this nature usually relies on being able to access network share paths. which over the vpn we can't do.
tomorrow i go onsite and install the vpn router.
I know the vpn works i tested it last night.
However even with the pptp clients receiving addresses in same subnet as the remote server i can't figure out why it won't access the remote lan resources.
My VPN is configured is as follows
ether 1
Wan IP
66.X.X.X /24

ether 2
wlan
added to bridge1 interface

remote lan ip scheme
192.168.1.1 router lan gateway
192.168.1.0/24 ip address assigned to bridge1
DHCP
hands out 192.168.1.100-192.168.1.200

On the VPN router i setup each vpn user with the vpn local address of 192.168.1.230
then each vpn user's remote address is 192.168.1.240
then next user's remote address is 192.168.1.241
then next remote address = 192.168.1.242
all the way to .250

I can vpn in and can ping 192.168.1.1 remote lan gateway
i can ping google and other external sites and can even access internet using remote gateway.
I just can't figure out why the customer wouldn't be able to access the software sitting on the server 08 box this server box has an ip of 192.168.1.5

Please i could really use some help.
0
 
LVL 3

Accepted Solution

by:
mrodriques earned 500 total points
ID: 24313169
I'm going to make two assumptions.  They are:
1 - The people accessing the system from outside also access it from inside.
2 - They are running a Windows environment.

If both assumptions are correct all you need to do is give your client remote access to their own desktop from outside the LAN to access the application, and any other program they are running on their PC.
Remote Desktop Connection works fine for this.  All you need to do is get a block of dedicated IP's from the ISP and NAT them from the firewall.  If is a relatively easy solution, and keeps the clients away from the server.  Your RDP them to the firewall and then NAT them through.
0
 

Author Closing Comment

by:techguy1979
ID: 31577535
Thanks  I spoke to the software vendor and they say only scenario thev've seen work is setting up a beefed up xp machine on the remote lan running windows unlimited which would give them 5-10 concurrent terminal services sessions on the xp machine which would also have the software shortcut.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now