Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


VNC client access thru a bridged Modem

Posted on 2010-01-08
Medium Priority
Last Modified: 2013-11-30
I've got a network setup behind a modem supplied by AT&T.  Their device has been placed in "bridged" mode.  My Cisco router is handling DHCP for our LAN.  LAN clients are communicating across the network with no problems.  I've downloaded a free version of VNC (I'm open to doing this again with any version) and VNC Server is installed on all clients.  To access a LAN client from a remote location, I've installed VNC Viewer on a remote PC.  I've got the Static IP supplied by AT&T to allow me access from the outside and to pass me through to my router.  My Cisco router is configured for port forwarding to all clients - and each of these clients has had their listening ports changed to 3390 thru 3391.

I was hoping to connect to the clients via the VNC Viewer by entering:
                   Static IP Address:listening port of desired client
Example:     215.365.317.33:3390

This is not working.  I'm recieving an error -> Failed to connect to Server

Computers on LAN are running Windows 7 Home Premium which prohibits me from using Remote Desktop Connection, which I would prefer.

Remote Computer is running Windows Vista Home Premium.

Please Advise

Question by:baleman2

Expert Comment

ID: 26216511
You need some static NAT statements, like this:

ip nat inside source static tcp <inside IP> <inside port> <outside IP> <outside port>
ip nat inside source static tcp 3390 215.365.317.33 3390
ip nat inside source static tcp 3391 215.365.317.33 3391

You will also need to allow these ports in your inbound ACL.

Expert Comment

ID: 26218992
So... each of the PCs you desire to reach are VNC servers (listeners)

You must be able to uniquely identify each of the servers via some scheme you devise. If you only have one public IP, then you must creatively forward ports.

In my case, I have 5 PCs I want to be able to reach from the outside. All the PCs are using the default listening port of 5900 and have hard coded IPs. At the router I do this (using your public IP for ease of explanation):

215.365.317.33:3390 is forwarded to (for example)
215.365.317.33:3391 is forwarded to
215.365.317.33:3392 is forwarded to
215.365.317.33:3393 is forwarded to
215.365.317.33:3394 is forwarded to

This way, only one public IP address is required but I can select the PC inside the network that I want by using the port number. The router handles the selection through port forwarding. This becomes more complicate in a DHCP situation. I'd go for static DHCP address assignment so they never change.

Author Comment

ID: 26221197
To Vito:
Where do I type/enter these NAT statements?

To tedh7552:
In my own configuration shown in my original question, I believe I've followed your steps precisely with the exception that the listening ports for my client PC's are different than 5900.  I've adjusted the listening ports by using "regedit" on each client and drilling down the appropriate path until reaching "Port Number".   By default, the listening port is 3389 and I'm changing this port to 3390, 3391, etc.
However in my Router, I'm only port forwarding in this manner:
port number 3390 is forwarded to      (which is a static IP for the client)
port number 3391 is forwarded to . . and so on.
I don't thing there's a spot for 5900 to be added at the end of the IP address as shown in your example.
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.


Expert Comment

ID: 26222656
You need to enter them on the Cisco router. Sorry about that. So:

conf t

They will need to be modified with your inside IPs though.

You say you're forwarding the ports already? How are you doing this?


Author Comment

ID: 26224048
My router has a GUI interface where several options are available.  One of the selections is "Applications & Gaming" and it is in that section of setup where all these entries can be made.

Author Comment

ID: 26224599
To Vito:
It looks as though you're instructing me to use a command line editor to enter information.  I thought I'd enclose a picture of the way I'm handling this with the GUI interface.


Accepted Solution

Vito_Corleone earned 1200 total points
ID: 26229211
Ah, you said Cisco. Technically Linksys is now a Cisco company, but it's still Linksys, lol. I was confused.

Ok, so in that window you would put the ports, so the first line would be:

VNC1  3390 3390  TCP  X
VNC1  3391 3391  TCP  X

Replace and .11 with the right IPs, then keep going.

You are testing this from outside your network, correct? Using your public IP from inside your network may not work.
LVL 18

Assisted Solution

by:Ravi Agrawal
Ravi Agrawal earned 800 total points
ID: 26264400
VNC listens on 5900, you need to forward ports in that range 5900, 5901, 5902 & so on

Why are you configuring it for the Remote Desktop. Remote Desktop is not involved in any way with VNC so forget that 3389 series of Ports. VNC is a standalone Application sufficient for what you are trying to do.

Set static IP for machine listening on VNC1 to VNC5 as to respectively.

In the above config window of yours, I would fill it up with the Following-


configureSet static IP for machine listening on VNC1 to VNC5 as to respectively.

configure the Vnc server in to listen to port 5900
configure the Vnc server in to listen to port 5901
configure the Vnc server in to listen to port 5902
configure the Vnc server in to listen to port 5903
configure the Vnc server in to listen to port 5904

To Remote Control VNC1 from outside use the static ip and port no as 5900
To Remote Control VNC2 from outside use the static ip and port no as 5901
To Remote Control VNC3 from outside use the static ip and port no as 5902
To Remote Control VNC4 from outside use the static ip and port no as 5903
To Remote Control VNC5 from outside use the static ip and port no as 5904

that should do it.

A better solution would be to use Teamviwer. Note down the Numbers to remote control, Assign the application to Autostart and connect to those machines using the Numbers Teamviewer assigns to them. I do it all the time. I have used VNC, Logmein, Remote Desktop and Teamviewer successfully and found teamviewer to be the best.

Please note session to VNC from Outside is unencrypted & is a huge security risk.

Download teamviewer from www.teamviewer.com

It is free for Personal Use. Sessions are Encrypted.,


Author Closing Comment

ID: 31674839
Vito for answering early and correctly.
Grtrader for the detail.

Thanks, guys!

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Like many organizations, your foray into cloud computing may have started with an ancillary or security service, like email spam and virus protection. For some, the first or second step into the cloud was moving email off-premise. For others, a clou…
Working from home is a dream for many people who aren’t happy about getting up early, going to the office, and spending long hours at work. There are lots of benefits of remote work for employees.
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
Kernel Data Recovery is a renowned Data Recovery solution provider which offers wide range of softwares for both enterprise and home users with its cost-effective solutions. Let's have a quick overview of the journey and data recovery tools range he…
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question