parmor
Need to Purchase a Router for Port Forwarding (Remote Desktop) with around 150 rules
We have multiple routers that have a limit of 50 Rules to allow us to port forward users to their internal computers using Remote Desktop. I guess it is called Port Address Translation. We would like to move to 1 Single Router.
We are not a large company so we have a need for a relatively inexpensive Router that allows at least 100 (hopefully much more) rules for forwarding.
Part of the problem is we have many users that use VNC and remote desktop, totaling 3 ports per user. The reasons don't really matter other than we use both and with VNC it uses 2 ports (vnc viewer 59xx and internet explorer 58xx) plus the one port for Remote Desktop.
Does anyone know of a relatively inexpensive solution that would meet our needs? Our current routers are in the range of $400.
We have looked at the Cisco SA 520 but it has a limit of 100. We are using around 90 right now and I need room for expansion.
Thank you
Much easier solution would be to get a VPN in place or a router that supports it. This way you would not have a need for opening multiple ports per user - actually you would open NO ports per user at all. Not to mention it is MUCH more secure and simpler to manage.
Cláudio Rodrigues
Citrix CTP
ASKER
Thanks for the suggestions.
It would be better with Terminal Server or Citrix but those licenses can be costly (much more than a router).
The problem with VPN in our instance is our sales reps provide live demos of our software (hence the need for VNC - free) so potential customers connect to the sales reps' workstations to view the demo.
ASKER
Our budget would be around $1000 if that makes a difference.
I think you did not understand what I mentioned.
If you have a VPN in place, your sales reps would connect to the VPN and then launch VNC or RDP, whatever they want.
So from their perspective it all works as before.
The main difference is you do NOT need to turn your firewall into some sort of Swiss Cheese. Simple as that.
Cláudio Rodrigues
Citrix CTP
ASKER
Thanks Claudio. Sorry, I still don't "get" it, I guess. I don't fully understand how VPNs work. I thought they were used to access files through a secure tunnel.
If the Sales Rep is working from home and needs to provide a demo on their workstation in the office how does that work?
ASKER
I will spend some time looking at it. I know our Router does have VPN capabilities (RV016 and RV082 by linksys/cisco).
thanks
No problem.
All your guys would do is connect to the VPN from their PCs. Windows XP for example has built-in support for that and it is very easy to use.
The VPN client would ask for their username/password and of course the server where the VPN is (some routers can be the VPN server) and once the connection is established they would work as if they were at the office. They would launch RDP or VNC and connect directly to the internal IP address of their computers at the office.
If you have a Windows Server 2000 or 2003 at your office you can set it up to be the VPN Server (by simply installing something called RRAS) - all this at no cost. Then simply configure your existing router to forward two or three ports to the VPN Server and you are all set.
This means no need to buy another router or anything else.
Cláudio Rodrigues
Citrix CTP
Oh check this link. It will give you a great head start on how to do that on your routers!
http://www.equinux.com/cms_components/media/vpnt/VPNT_Interop_Howtos/83/Linksys_RV_Series-4-EN.pdf
Cláudio Rodrigues
Citrix CTP
ASKER
I don't know where to begin with VPNs
ASKER
Excellent Claudio! That is exactly what I need to read.
Thank you!
ASKER
I am going to set up a new Win 2003 Server strictly for VPN. Do you know what version of Win 2003 I would need?
Any will do it (Standard, Enterprise, etc).
Cláudio Rodrigues
Citrix CTP
ASKER
never mind I found the version info. I need at least Standard.
ASKER
What ports do I open and forward on my Router after I set up RRAS?
ASKER
I am forwarding L2TP (UDP/1701), PPTP (TCP/1723) and IPSec (UDP/500)
Are those the only ones?
ASKER
OK, I have it working but I have a few more questions. Do I need to create a new question or can I continue to use this?
We have a Windows 2000 AD: How do I run my scripts when I connect in through the VPN?
If I manually run them they don't work because of DNS issues.
I.e., in the script I have something similar to the following:
@net use t: \\Server1\public
@net use h: \\Server2\crm
The only way to get it to work at home is if I use the IP address, but I don't really want to have to change every script.
Running Apps seems kind of slow. At home I have a 12mbps up/4mbps down and at work we have a 6 mbps connection (4 bonded T1s).
The problem now is probably WINS. You need to have WINS loaded and then on the DHCP server set the IP address of the WINS server. You can add that to the DNS server using Control Panel | Add/Remove Programs | Windows Components from what I remember.
Well RDP should work extremely well over the VPN. VNC on the other hand sucks big time.
Is RDP really slow?
Cláudio Rodrigues
Citrix CTP
ASKER
Ok will add WINS (thought it was)
I wasn't running RDP or VNC I was just running an app from the manually mapped drive.
ASKER
RDP is working well and I am able to connect to the internal Computers via IP but cannot use PC Names.
I can ping internal IPs from my home but it doesn't find any of the host names.
I have WINS installed (it already was) but I am not sure if it is configured properly.
Then it is a DNS problem: check if the client receives the internal DNS server address; if not, configure the VPN server to give these to the client.
ASKER
I get all of the correct addresses: IP, subnet, gateway, DNS and DNS 2.
I think we need to setup another question now as this is either a DNS or WINS issue (could be a port in the firewall as well - I will compare with the one I have at home and will post here).
Cláudio Rodrigues
Citrix CTP
I have all the ports you have plus GRE (TCP 47) forwarded to the RRAS box.
Cláudio Rodrigues
Citrix CTP
ASKER
ahh. that could be it. If that works I will be done if not I will create a new question.
Thanks
ASKER
tsmvp: Thank you very much. You were extremely helpful in me getting this up and running.
The draytek 2900 Series routers allow 200 Port forward rules.
See Here
http://www.draytek.co.uk/products/vigor2910.html
Well within your budget.
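Added example, not part of the thread: a small Python audit of a router forwarding table that separates the per-user RDP/VNC forwards described in the question from the VPN endpoint forwards discussed in the answers, so you can see which internal desktops are reachable from the Internet and how many rules remain once users connect through the VPN. The rule text format, the addresses and the sample table are constructed for illustration; RDP on 3389 and VNC in the 59xx/58xx ranges are the standard defaults, and GRE is matched as IP protocol 47.

```python
import re
from collections import defaultdict
# Constructed sample table, one rule per line: "proto ext_port -> host:port".
SAMPLE_RULES = """\
tcp 3390 -> 192.168.1.20:3389
tcp 5901 -> 192.168.1.20:5900
tcp 5801 -> 192.168.1.20:5800
tcp 3391 -> 192.168.1.21:3389
tcp 5902 -> 192.168.1.21:5900
tcp 5802 -> 192.168.1.21:5800
tcp 1723 -> 192.168.1.5:1723
udp 1701 -> 192.168.1.5:1701
udp 500 -> 192.168.1.5:500
gre 47 -> 192.168.1.5:47
tcp 8080 -> 192.168.1.30:80
tcp 59xx -> 192.168.1.22:5900
"""
RULE_RE = re.compile(r"^(tcp|udp|gre)\s+(\d+)\s*->\s*([\d.]+):(\d+)$")
# VPN endpoints named in the thread; GRE is matched as IP protocol 47.
VPN_ENDPOINTS = {("tcp", 1723), ("udp", 1701), ("udp", 500), ("gre", 47)}

def classify(proto, dst_port):
    """Label a forward by the internal service it reaches."""
    if (proto, dst_port) in VPN_ENDPOINTS:
        return "vpn"
    if proto != "tcp":
        return "other"
    if dst_port == 3389:
        return "rdp"
    return {59: "vnc", 58: "vnc-http"}.get(dst_port // 100, "other")

def audit(text):
    """Split rules into per-user desktop forwards and what a VPN setup keeps."""
    exposed, direct, kept, bad = defaultdict(set), 0, 0, []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line.strip().lower())
        if not m:
            if line.strip():
                bad.append(lineno)  # report malformed rules, never guess
            continue
        kind = classify(m.group(1), int(m.group(4)))
        if kind in ("rdp", "vnc", "vnc-http"):
            exposed[m.group(3)].add(kind)
            direct += 1
        else:
            kept += 1
    return {"exposed_hosts": {h: sorted(k) for h, k in exposed.items()},
            "direct_desktop_rules": direct, "rules_after_vpn": kept,
            "unparsed_lines": bad}
```

Calling `audit(SAMPLE_RULES)` on the constructed table reports two directly exposed workstations behind six forwards, against five rules that would remain with the VPN in place.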