[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Need to Purchase a Router for Port Forwarding (Remote Desktop) with at around 150 rules

Posted on 2010-01-06
28
Medium Priority
?
515 Views
Last Modified: 2013-11-21
We have multiple routers that have a limit of 50 Rules to allow us to port forward users to their internal computers using Remote Desktop. I guess it is called Port Address Translation. We would like to move to 1 Single Router.

We are not a large company so we have a need for a relatively inexpensive Router that allows at least 100 (hopefully much more) rules for forwarding.  

Part of the problem is we have many users that use VNC and remote desktop totally 3 ports per user. The reasons don't really matter other than we use both and with VNC it uses 2 ports (vnc viewer 59xx and internet explorer 58xx) plus the one port for Remote Desktop.

Does any know of a relatively inexpensive solution that would meet our needs? Our current routers are in the range of $400.
We have looked at the Cisco SA 520 but it has a limit of 100.  We are using around 90 right now and I need room for expansion.

Thank you
0
Comment
Question by:parmor
28 Comments
 
LVL 7

Expert Comment

by:tharstern
ID: 26192818
Surely you would be better with a Terminal server or Citrix based solution?

The draytek 2900 Series routers allow 200 Port forward rules.

See Here

http://www.draytek.co.uk/products/vigor2910.html

Well within your budget.

0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26192927
Much easier solution would be to get a VPN in place or a router that supports it. This way you would not have a need for opening multiple ports per user - actually you would open NO ports per user at all. Not to mention it is MUCH more secure and simpler to manage.

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26193057
Thanks for the suggestions.

It would be better with Terminal Server or Citrix but those licenses can be costly (much more than a router).

The problem with VPN in our instance is our sales reps provide live demos of our software (hence the need for VNC -free) so potential customers connect to the sales reps workstations to view the demo.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:parmor
ID: 26193110
Our budget would be around $1000 if that makes a difference.
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26193145
I think you did not understand what I mentioned.
If you have a VPN in place, your sales reps would connect to the VPN and then launch VNC or RDP, whatever they want.
So from their perspective it all works as before.
The main difference is you do NOT need to turn your firewall into some sort of Swiss Cheese. Simple as that.

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26193186
thanks Claudio. Sorry, I still don't "get" it I guess. I don't fully understand how VPNs work. I thought they were used to access files through a secure tunnel.
If the Sales Rep is working from home and needs to provide a demo on their workstation in the office how does that work?
0
 

Assisted Solution

by:Runging
Runging earned 400 total points
ID: 26193313
Parmor,

If a user is connected via VPN it is as though he/she were in the office connected directly themselves.  They are given a local IP address within the office, and instead of opening hundreds of ports for each individual user, they would all login through the VPN, then use the computer within the office's IP to connect via VLC/Remote Desktop.

That would be a far superior solution, and your current hardware might allow this to work, depending on your configuration.
0
 

Author Comment

by:parmor
ID: 26193350
I will spend some time looking at it.  I know our Router does have VPN capabilities (RV016 and RV082 by linksys/cisco).

thanks
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26193358
No problem.
All your guys would do is connect to the VPN from their PCs. Windows XP for example has built-in support for that and it is very easy to use.
The VPN client would ask for their username/password and of course the server where the VPN is (some routers can be the VPN server) and once the connection is established they would work as if they were at the office. They would launch RDP or VNC and connect directly to the internal IP address of their computers at the office.
If you have a Windows Server 2000 or 2003 at your office you can set it up to be the VPN Server (by simply installing something called RRAS) - all this at no cost. Then simply configure your existing router to forward two or three ports to the VPN Server and you are all set.
This means no need to buy another router or anything else.

Cláudio Rodrigues
Citrix CTP
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26193409
Oh check this link. It will give you a great head start on how to do that on your routers!
http://www.equinux.com/cms_components/media/vpnt/VPNT_Interop_Howtos/83/Linksys_RV_Series-4-EN.pdf

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26193469
I don't know where to begin with VPNs
0
 

Author Comment

by:parmor
ID: 26193548
Excellent Claudio! That is exactly what I need to read.
Thank you!
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 1600 total points
ID: 26193590
To understand VPNs:
http://computer.howstuffworks.com/vpn.htm

Couple links for you on the Windows side of things (so you can learn):
http://www.youtube.com/watch?v=wpt2z3LA0dQ
http://articles.techrepublic.com.com/5100-10878_11-5805260.html

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26194342
I am going to setup a new Win 2003 Server strictly for VPN do you know what version of Win 2003 I would need?
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26194371
Any will do it (Standard, Enterprise, etc).

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26194400
never mind I found the version info. I need at least Standard.
0
 

Author Comment

by:parmor
ID: 26195562
What ports Do I open and forward on my Router after I setup RRAS?
0
 

Author Comment

by:parmor
ID: 26195635
I am forwarding_L2TP (UDP/1701), PPTP (TCP/1723) and IPSec (UDP/500)
Are those the only ones?
0
 

Author Comment

by:parmor
ID: 26195935
OK I have it working but I have a few more question. Do I need to create a new question or can I continue to use this?

We have a Windows 2000 AD: How do I run my scripts when I connect in through the VPN?
If I manually run it they don't work because of DNS issues.
Ie in the script I have something similiar to the following:
@net use t: \\Server1\public
@net use h: \\Server2\crm

The only way to get it to work at home is if I use the IP address but I don't really want to have to change every script

Running Apps seems kind of slow.  At home I have a 12mbps up/4mbps down and at work we have a 6 mbps conenction (4 bonded T1s)
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26196705
The problem now is probably WINS. You need to have WINS loaded and then on the DHCP server set the IP address of the WINS server. You can add that to the DNS server using Control Panel | Add/Remove Programs | Windows Components from what I remember.
Well RDP should work extremely well over the VPN. VNC on the other hand sucks big time.
Is RDP really slow?

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26197182
Ok will add WINS (thought it was)

I wasn't running RDP or VNC I was just running an app from the manually mapped drive.
0
 

Author Comment

by:parmor
ID: 26197633
RDP is working well and I am able to connect to the internal Computers via IP but cannot use PC Names.
I can ping internal IPs from my home but it doesn't find any of the host names.

I have WINS installed (it already was) but I am not sure if it is configured properly.
0
 
LVL 1

Expert Comment

by:ururu
ID: 26198483
then is a dns problem: check if the client receive the internal dns server address, if not configure the VPN server to give these to the client.
0
 

Author Comment

by:parmor
ID: 26202118
I get all of the correct addreses, ip, subnet, gateway , dns- and dns 2
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26209887
I think we need to setup another question now as this is either a DNS or WINS issue (could be a port in the firewall as well - I will compare with the one I have at home and will post here).

Cláudio Rodrigues
Citrix CTP
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 26210033
I have all the ports you have plus GRE (TCP 47) forwarded to the RRAS box.

Cláudio Rodrigues
Citrix CTP
0
 

Author Comment

by:parmor
ID: 26212834
ahh. that could be it.  If that works I will be done if not I will create a new question.
Thanks
0
 

Author Closing Comment

by:parmor
ID: 31673608
tsmvp: Thank you very much. You were extremely helpful in me getting this up and running
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security is one of the biggest concerns when moving and migrating your data from your on-premise location to the Public Cloud.  Where is your data? Who can access it? Will it be safe from accidental deletion?  All of these questions and more are imp…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question