Do I need a VPN?

Posted on 2010-01-04
Last Modified: 2012-05-08
Dear Experts,

I need a solution for this issue:
I'm operating a database that uses a port in my Server that needs to be accessed from outside the organisation.

The problem is:
The server (Windows XP Based) is located under a router, and the server's IP inside this internal department router is:

The router gets its internet connection from the organisation's local network, and the IPs that the router gets are:

I DO NOT have any way to control the organisation LAN configurations, but I can change my router configuration.

Now, I have to access my server's database from the internet, outside the organisation.
We do not have any VPN solution installed.

Is there any kind of solution that I can use that can solve my issue?
For example, I use LogMeIn to access my server remotely, and there is no problem doing that...
So I guess that there is some kind of solution that I can install on my server in order to have access from outside...

Please advise,
Doron Tal

Question by: doront99
    LVL 12

    Expert Comment

    Hi there;

    Your best option is to set up a VPN connection. This will allow you to remote into any machine just as if you were on the network.

    A less secure option would be to just set up port forwarding to your router to point to the machine you want to remote into.

    You can use LogMeIn as you said in your question; you can also use UltraVNC, PCAnywhere or Radmin.

    If both machines are Windows machines, then Remote Desktop Connection is a reliable option.

    Best regards.


    Author Comment

    None of them are good for me since they are Remote Desktop-like solutions.
    I don't need to see my screen... I need to let my database client software connect to the database server.
    The client machine is somewhere outside the local network, and it needs to connect to the server that exists inside an organisation network.

    Please advise,
    LVL 6

    Accepted Solution

    Given what you have described, it can't be done. Your setup is like a large office building with a doorkeeper downstairs (org router) and a receptionist on your floor (dept router). A stranger appearing at the front door, trying to get to your office (server) will not be admitted by the doorkeeper, even if you have told the floor receptionist to let him in. LogMeIn cheats - it's like you going downstairs and standing outside the building, so that when the stranger shows up you can escort him personally into your office.
    So, we have to bend one of your conditions:
    Solution one - ask your organization to set up a conduit from the outside world to your departmental router, then pipe it through your router to your server.
    Solution two - use a remote control solution like LogMeIn to allow users on the internet to connect to a workstation on the same network as your server - they then run the database from the slave machine.
    Solution three - put the database out on the internet (hosted, with appropriate security)
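
The path the accepted answer describes, as a small model (an added example, not part of the original thread): each router admits an unsolicited inbound connection only if it holds a forward for that port, and admits return traffic only for sessions that were opened from inside. The port number, the host names and the assumption that outbound connections are allowed are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatRouter:
    name: str
    forwards: dict = field(default_factory=dict)  # external port -> internal port
    sessions: set = field(default_factory=set)    # (remote_host, remote_port) opened from inside

def inbound(path, port):
    """Unsolicited connection from the internet; path is ordered outermost router first.
    Returns (reached_server, name of the router that dropped it or None)."""
    for router in path:
        if port not in router.forwards:
            return False, router.name
        port = router.forwards[port]
    return True, None

def outbound(path, remote):
    """The server opens a connection to `remote`; every NAT hop records the session."""
    for router in reversed(path):
        router.sessions.add(remote)

def reply(path, remote):
    """Traffic from `remote` is admitted only where a matching session exists."""
    for router in path:
        if remote not in router.sessions:
            return False, router.name
    return True, None

def demo():
    db_port = 5000                      # constructed; the thread does not name the port
    org = NatRouter("org-router")       # the "doorkeeper": not under the asker's control
    dept = NatRouter("dept-router", forwards={db_port: db_port})  # the "receptionist"
    path = [org, dept]
    results = {"forward_on_dept_only": inbound(path, db_port)}
    broker = ("broker.example", 443)    # constructed stand-in for a LogMeIn-style service
    outbound(path, broker)              # server-initiated, so both routers hold state
    results["reply_from_broker"] = reply(path, broker)
    results["reply_from_stranger"] = reply(path, ("stranger.example", 443))
    org.forwards[db_port] = db_port     # "Solution one": the organisation adds the conduit
    results["forward_on_both"] = inbound(path, db_port)
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
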
    LVL 3

    Expert Comment

    LogMeIn gets access because it uses port 80, which is required for any computer to surf the internet. Port 80 must be open, along with 443 for secure SSL connections. Your only option that I can think of is similar to what I run at home. Because you are behind 2 routers, one with a subnet of 192.168.1.x, and it's behind the router, you can't forward a port directly to your server. So the only option left is a proxy service that would provide an outside DNS address to your server. These services have a client program that runs on your server that 'tells' the outside DNS server company what the route is to get to your server. Look into EasyDNS, OpenDNS and other companies that provide this service. Once it's set up, you only have to load the client software that will 'talk' to the DNS service you provide. From there, you could set it up for VPN access only, but be careful, as most VPN software requires ports that may not pass through your network routers. OpenVPN will. But it's tricky to set up. As far as remote desktop, NEVER use the default port of 3389, as it is constantly being scanned by hackers. Hope this isn't too much info at once.
    LVL 12

    Assisted Solution

    Well, in my case, I have done port forwarding on my router and I wrote a program that sends my IP every 10 minutes, since my IP is dynamic. Sadly, I don't know where my program is.

    But you can write a similar program. I have used the blat mail sender and I associate blat with my program that parses, and I have successfully connected to my machine via Remote Desktop Connection.

    Best regards.
    LVL 3

    Assisted Solution

    Since we don't know the skill level of the author, I am suggesting easy solutions to provide access through 2 routers. As stated, they have no access to the 'internet' router, which is the gateway for the first router, therefore port forwarding from this one is not possible. The easiest and best solution is a proxy service with client software that is usually free. Why write when it's free? Also, the proxy/DNS solution will give their server a domain name that is usable on the internet, making it much easier to access from the outside. As for remote desktop, it's very simple and very dangerous. I have set many computers up with it over the years and been forced to change the default port, as the computer becomes infected in the worst case, or comes under repeated attack at the least. For simple database access, a VPN may become necessary because of security, but you may get by with a simple port change on the server instead. Once I set up the proxy/DNS, I would get access working before proceeding with a VPN. Even with this going, you will probably have to set your server port to something that must always be allowed from 'outside' the network for surfing. This would be ports 80, 443, 53, 25, 110. If you have the option of initiating the connection from inside your network, you can probably use any port you wish, but that is not what you indicated.
    Hope this helps :)

    Author Closing Comment

    Thanks, I guess it cannot be done :(

    I will try to solve it with the system administrator...
