VNC client access thru a bridged Modem

Posted on 2010-01-08
Last Modified: 2013-11-30
I've got a network setup behind a modem supplied by AT&T.  Their device has been placed in "bridged" mode.  My Cisco router is handling DHCP for our LAN.  LAN clients are communicating across the network with no problems.  I've downloaded a free version of VNC (I'm open to doing this again with any version) and VNC Server is installed on all clients.  To access a LAN client from a remote location, I've installed VNC Viewer on a remote PC.  I've got the Static IP supplied by AT&T to allow me access from the outside and to pass me through to my router.  My Cisco router is configured for port forwarding to all clients - and each of these clients has had their listening ports changed to 3390 thru 3391.

I was hoping to connect to the clients via the VNC Viewer by entering:
                   Static IP Address:listening port of desired client
Example:     215.365.317.33:3390

This is not working.  I'm recieving an error -> Failed to connect to Server

Computers on LAN are running Windows 7 Home Premium which prohibits me from using Remote Desktop Connection, which I would prefer.

Remote Computer is running Windows Vista Home Premium.

Please Advise

Question by:baleman2
    LVL 9

    Expert Comment

    You need some static NAT statements, like this:

    ip nat inside source static tcp <inside IP> <inside port> <outside IP> <outside port>
    ip nat inside source static tcp 3390 215.365.317.33 3390
    ip nat inside source static tcp 3391 215.365.317.33 3391

    You will also need to allow these ports in your inbound ACL.
    LVL 5

    Expert Comment

    So... each of the PCs you desire to reach are VNC servers (listeners)

    You must be able to uniquely identify each of the servers via some scheme you devise. If you only have one public IP, then you must creatively forward ports.

    In my case, I have 5 PCs I want to be able to reach from the outside. All the PCs are using the default listening port of 5900 and have hard coded IPs. At the router I do this (using your public IP for ease of explanation):

    215.365.317.33:3390 is forwarded to (for example)
    215.365.317.33:3391 is forwarded to
    215.365.317.33:3392 is forwarded to
    215.365.317.33:3393 is forwarded to
    215.365.317.33:3394 is forwarded to

    This way, only one public IP address is required but I can select the PC inside the network that I want by using the port number. The router handles the selection through port forwarding. This becomes more complicate in a DHCP situation. I'd go for static DHCP address assignment so they never change.

    Author Comment

    To Vito:
    Where do I type/enter these NAT statements?

    To tedh7552:
    In my own configuration shown in my original question, I believe I've followed your steps precisely with the exception that the listening ports for my client PC's are different than 5900.  I've adjusted the listening ports by using "regedit" on each client and drilling down the appropriate path until reaching "Port Number".   By default, the listening port is 3389 and I'm changing this port to 3390, 3391, etc.
    However in my Router, I'm only port forwarding in this manner:
    port number 3390 is forwarded to      (which is a static IP for the client)
    port number 3391 is forwarded to . . and so on.
    I don't thing there's a spot for 5900 to be added at the end of the IP address as shown in your example.
    LVL 9

    Expert Comment

    You need to enter them on the Cisco router. Sorry about that. So:

    conf t

    They will need to be modified with your inside IPs though.

    You say you're forwarding the ports already? How are you doing this?


    Author Comment

    My router has a GUI interface where several options are available.  One of the selections is "Applications & Gaming" and it is in that section of setup where all these entries can be made.

    Author Comment

    To Vito:
    It looks as though you're instructing me to use a command line editor to enter information.  I thought I'd enclose a picture of the way I'm handling this with the GUI interface.

    LVL 9

    Accepted Solution

    Ah, you said Cisco. Technically Linksys is now a Cisco company, but it's still Linksys, lol. I was confused.

    Ok, so in that window you would put the ports, so the first line would be:

    VNC1  3390 3390  TCP  X
    VNC1  3391 3391  TCP  X

    Replace and .11 with the right IPs, then keep going.

    You are testing this from outside your network, correct? Using your public IP from inside your network may not work.
    LVL 18

    Assisted Solution

    by:Ravi Agrawal
    VNC listens on 5900, you need to forward ports in that range 5900, 5901, 5902 & so on

    Why are you configuring it for the Remote Desktop. Remote Desktop is not involved in any way with VNC so forget that 3389 series of Ports. VNC is a standalone Application sufficient for what you are trying to do.

    Set static IP for machine listening on VNC1 to VNC5 as to respectively.

    In the above config window of yours, I would fill it up with the Following-


    configureSet static IP for machine listening on VNC1 to VNC5 as to respectively.

    configure the Vnc server in to listen to port 5900
    configure the Vnc server in to listen to port 5901
    configure the Vnc server in to listen to port 5902
    configure the Vnc server in to listen to port 5903
    configure the Vnc server in to listen to port 5904

    To Remote Control VNC1 from outside use the static ip and port no as 5900
    To Remote Control VNC2 from outside use the static ip and port no as 5901
    To Remote Control VNC3 from outside use the static ip and port no as 5902
    To Remote Control VNC4 from outside use the static ip and port no as 5903
    To Remote Control VNC5 from outside use the static ip and port no as 5904

    that should do it.

    A better solution would be to use Teamviwer. Note down the Numbers to remote control, Assign the application to Autostart and connect to those machines using the Numbers Teamviewer assigns to them. I do it all the time. I have used VNC, Logmein, Remote Desktop and Teamviewer successfully and found teamviewer to be the best.

    Please note session to VNC from Outside is unencrypted & is a huge security risk.

    Download teamviewer from

    It is free for Personal Use. Sessions are Encrypted.,


    Author Closing Comment

    Vito for answering early and correctly.
    Grtrader for the detail.

    Thanks, guys!

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    At the beginning of the year, the IT world was taken hostage by the shareholders of LogMeIn. Their free product, which had been free for ten years, all of the sudden became a "pay" product. Now, I am the first person who will say that software maker…
    Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

    759 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now