How to set up 871 for VNC access without VPN

I am trying to access workstations via VNC in our office when I am on the road and unable to connect to VPN.  I am making an effort to access through port 5900 and have added this line in my router config

ip nat inside source static tcp 192.168.1.50 5900 interface FastEthernet4 5900

Unfortunately I am still not able to connect. Are there any other commands I need to send to router.  I am a rookie at this and am afraid to damage the router config.  Thank you for any help that can be offered.
MetsJetsVAAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

akahanCommented:
That accomplishes the forwarding, but you probably also need to open a hole in your firewall, typically something like this:

access-list 101 permit tcp any host [insert your WAN IP ADDRESS] eq 5900

0
MetsJetsVAAuthor Commented:
Thank you for your response.  I have added this command to the router and I am still unable to connect. Any more suggestions?
0
akahanCommented:
Are you trying to connect from a machine that's inside your network, or are you actually trying to connect from outside your network?
0
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

MetsJetsVAAuthor Commented:
Right now I am inside my network but my goal is to be able to connect from outside the network.
0
akahanCommented:
It's not working because you are trying to do it from inside your network.   Your Cisco router won't let you "double back" like that.   You need to actually try it from outside your network.
0
MetsJetsVAAuthor Commented:
Thank you again for responding.  I will try from outside my network tomorrow and post the results tomorrow night.
0
akahanCommented:
OK.  Before trying from outside the network: if you haven't done so already, make sure the VNC server is properly functioning on your target machine by using its LAN address from within your network, e.g.: http://192.168.1.150:5900 
0
OzNetNerdCommented:
Can you please show us your running configuration?
0
MetsJetsVAAuthor Commented:
Thank you very much for replying.  Here is the running config:


Building configuration...

Current configuration : 12387 bytes
!
! Last configuration change at 18:31:14 NewYork Mon Mar 29 2010 by lou1sa
! NVRAM config last updated at 22:02:40 NewYork Sun Mar 28 2010 by lou1sa
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname va871
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
logging buffered 51200 informational
logging console critical
enable secret 5 aljdkfAJJlkj332l34rj323kladf
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
aaa session-id common
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip multicast-routing
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW icmp
!
!
crypto pki trustpoint TP-self-signed-1716552704
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1716552704
 revocation-check none
 rsakeypair TP-self-signed-1716552704
!
!
crypto pki certificate chain TP-self-signed-1716552704
 certificate self-signed 01
  3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31373136 35353237 3034301E 170D3036 30343235 30323439
  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37313635
  35323730 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81009326 4A6FD4E3 B496A127 6FFB0978 AEFCCBE3 FB9D98CB 487C1B6A 7698C933
  4DD916A4 2B5C1835 9987C0AB D545C190 4BB176E7 2C16B4EE 11AC726D 37DEB94C
  2CE6270F 267AE2EE 79F3F305 F3C96334 84D2AD84 29516F18 53C16ADB 78608B44
  8E2270F7 0A306DBA E83C5A23 B5E3F94B F784AC31 5404F056 68DAB8B8 4484F6E7
  26F70203 010001A3 74307230 0F060355 1D130101 FF040530 030101FF 301F0603
  551D1104 18301682 14766138 37312E79 6F757264 6F6D6169 6E2E636F 6D301F06
  03551D23 04183016 8014275B 8D4DB455 447178B9 902BDA7F EF01D969 4D23301D
  0603551D 0E041604 14275B8D 4DB45544 7178B990 2BDA7FEF 01D9694D 23300D06
  092A8648 86F70D01 01040500 03818100 91205B66 59911D39 37A62108 23927D32
  EE971132 A498A127 1DCD1A67 59D24EE6 D7EE446E D2276DCC FDF10A8C DEE8870E
  381444EE 85F380E0 3C07400D E41A8FE7 4351FF28 AD761C48 6E51621F 9FCEFD95
  9A9BC17C 8A155690 3F627274 628A664F BA0A35F8 B9449567 F8663503 3AB3D996
  74CA92C9 45677B7F 1CE9AD18 F0EDDEA5
  quit
username adkfj4la secret 5 adfjkjl;kj$;lalkfjkdaf 892-2.
username adf32s privilege 15 secret 5 aqdfdaf8wer33w2s22sdf344
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 63.148.18.10 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 72.68.142.2 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 71.0.93.37 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 96.56.134.66 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 67.76.162.5 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 65.166.9.167 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 74.62.213.66 no-xauth
crypto isakmp key 954123874216afasdfeasdfeeasdfs address 0.0.0.0 0.0.0.0
crypto isakmp invalid-spi-recovery
!
crypto isakmp client configuration group allied
 key 8492641332211343afd2adfdfadfaadf123asd2
 dns 192.168.1.32 205.171.3.65
 wins 192.168.1.32
 domain alliedbrass.local
 pool SDM_POOL_1
 acl 101
 include-local-lan
!
!
crypto ipsec transform-set Client esp-des esp-md5-hmac
crypto ipsec transform-set DMVPN esp-des esp-md5-hmac
!
crypto ipsec profile SDM_Profile1
 set transform-set DMVPN
!
!
crypto dynamic-map SDM_DYNMAP_1 1
 set security-association idle-time 3600
 set transform-set Client
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_2
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_2
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
interface Tunnel0
 bandwidth 1400
 ip address 10.0.1.1 255.255.0.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1400
 no ip next-hop-self eigrp 1
 ip pim dense-mode
 ip nhrp authentication DMVPN_NW
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip tcp adjust-mss 1360
 no ip split-horizon eigrp 1
 no ip mroute-cache
 delay 1000
 qos pre-classify
 tunnel source FastEthernet4
 tunnel mode gre multipoint
 tunnel key 13131313
 tunnel protection ipsec profile SDM_Profile1
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ETH-WAN$
 bandwidth 1536
 ip address 65.114.164.106 255.255.255.248
 ip access-group 100 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
router eigrp 1
 network 10.0.0.0 0.0.255.255
 network 192.168.1.0
 no auto-summary
!
ip local pool SDM_POOL_1 192.168.10.1 192.168.10.14
ip route 0.0.0.0 0.0.0.0 65.114.164.105
!
ip flow-top-talkers
 top 10
 sort-by bytes
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip pim bidir-enable
ip nat inside source static tcp 192.168.1.50 5900 interface FastEthernet4 5900
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
!
logging trap notifications
logging 192.168.1.190
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.1.190
access-list 1 permit any
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.10.0 0.0.0.15 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.15 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.15 any
access-list 100 permit gre any host 65.114.164.106
access-list 100 permit tcp any host 65.114.164.106 eq 22
access-list 100 permit tcp any host 65.114.164.106 eq 443
access-list 100 permit tcp any host 65.114.164.106 eq cmd
access-list 100 deny   tcp any host 65.114.164.106 eq telnet
access-list 100 deny   tcp any host 65.114.164.106 eq www
access-list 100 deny   udp any host 65.114.164.106 eq snmp
access-list 100 permit udp any host 65.114.164.106 eq non500-isakmp
access-list 100 permit udp any host 65.114.164.106 eq isakmp
access-list 100 permit esp any host 65.114.164.106
access-list 100 permit ahp any host 65.114.164.106
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.10.0 0.0.0.15 192.168.0.0 0.0.255.255
access-list 100 remark Auto generated by SDM for NTP (123) 129.7.1.66
access-list 100 permit udp host 129.7.1.66 eq ntp host 65.114.164.106 eq ntp
access-list 100 deny   ip 192.168.1.0 0.0.0.255 any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip any any
access-list 100 permit tcp any host 65.114.164.106 eq 5900
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit tcp any host 65.114.164.106 eq 5900
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any any eq 5900
access-list 102 permit ip host 192.168.1.54 any
access-list 102 permit tcp host 192.168.1.190 host 192.168.1.1 eq telnet
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq telnet
access-list 102 permit tcp host 192.168.1.190 host 192.168.1.1 eq 22
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 22
access-list 102 permit tcp host 192.168.1.190 host 192.168.1.1 eq www
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq www
access-list 102 permit tcp host 192.168.1.190 host 192.168.1.1 eq 443
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq 443
access-list 102 permit tcp host 192.168.1.190 host 192.168.1.1 eq cmd
access-list 102 permit tcp 192.168.1.0 0.0.0.255 host 192.168.1.1 eq cmd
access-list 102 deny   tcp any host 192.168.1.1 eq telnet
access-list 102 deny   tcp any host 192.168.1.1 eq 22
access-list 102 deny   tcp any host 192.168.1.1 eq www
access-list 102 deny   tcp any host 192.168.1.1 eq 443
access-list 102 deny   tcp any host 192.168.1.1 eq cmd
access-list 102 deny   udp any host 192.168.1.1 eq snmp
access-list 102 remark Auto generated by SDM for NTP (123) 129.7.1.66
access-list 102 permit udp host 129.7.1.66 eq ntp host 192.168.1.1 eq ntp
access-list 102 deny   ip 65.114.164.104 0.0.0.7 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=17
access-list 103 permit ip host 192.168.1.190 any
access-list 103 permit ip any any
access-list 104 remark SDM_ACL Category=4
access-list 104 permit ip 192.168.2.0 0.0.0.255 any
access-list 108 remark PAT Rule
access-list 108 remark SDM_ACL Category=2
access-list 108 deny   ip 192.168.2.0 0.0.0.255 192.168.10.0 0.0.0.15
access-list 108 deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.15
access-list 108 deny   ip any 192.168.10.0 0.0.0.15
access-list 108 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 108 deny   ip 192.168.1.0 0.0.0.255 10.0.0.0 0.0.255.255
access-list 108 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
route-map SDM_RMAP_1 permit 1
 match ip address 108
!
!
control-plane
!
banner login ^CThis is a private system,  Unauthorized access is strictly prohibited.  All access is monitored and unauthorized access attempts may be prosecuted to the fullest extent of the law.  Have a nice day.^C
!
line con 0
 no modem enable
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 103 in
 login authentication sdm_vpn_xauth_ml_2
 transport input telnet ssh
 transport output telnet
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175232
ntp server 129.7.1.66 source FastEthernet4 prefer
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

0
OzNetNerdCommented:
You'll need to add these two lines:

access-list 100 remark Permit VNC traffic
access-list 100 permit tcp any host host 65.114.164.106 eq 5900

However, because you have this line "access-list 100 deny   ip any any" at the end of your ACL you cannot simply copy and paste the above lines, and, because your using a numbered ACL as opposed to a named ACL, you cannot insert the two lines above the deny line. In short, what you will need to do is this:

 - You'll need to take a copy of the ACL and slot my two lines above somewhere near the top
 - You'll then need to issue the "no access-list 100" command
 - You will then need to paste your copy of the ACL back in in to the router (which will have my two lines included).

Here is an example (I have included my two commands on the 6th and 7th line below):

access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.10.0 0.0.0.15 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.15 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.10.0 0.0.0.15 any
access-list 100 remark Permit VNC traffic
access-list 100 permit tcp any host host 65.114.164.106 eq 5900
access-list 100 permit gre any host 65.114.164.106
access-list 100 permit tcp any host 65.114.164.106 eq 22
access-list 100 permit tcp any host 65.114.164.106 eq 443
access-list 100 permit tcp any host 65.114.164.106 eq cmd
access-list 100 deny   tcp any host 65.114.164.106 eq telnet
access-list 100 deny   tcp any host 65.114.164.106 eq www
access-list 100 deny   udp any host 65.114.164.106 eq snmp
access-list 100 permit udp any host 65.114.164.106 eq non500-isakmp
access-list 100 permit udp any host 65.114.164.106 eq isakmp
access-list 100 permit esp any host 65.114.164.106
access-list 100 permit ahp any host 65.114.164.106
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.0.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.2.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.4.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 remark IPSec Rule
access-list 100 permit ip 192.168.5.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 100 permit ip 192.168.10.0 0.0.0.15 192.168.0.0 0.0.255.255
access-list 100 remark Auto generated by SDM for NTP (123) 129.7.1.66
access-list 100 permit udp host 129.7.1.66 eq ntp host 65.114.164.106 eq ntp
access-list 100 deny   ip 192.168.1.0 0.0.0.255 any
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any unreachable
access-list 100 deny   ip 10.0.0.0 0.255.255.255 any
access-list 100 deny   ip 172.16.0.0 0.15.255.255 any
access-list 100 deny   ip 192.168.0.0 0.0.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip host 0.0.0.0 any
access-list 100 deny   ip any any

By the way, my ACL allows ANYONE to VNC in to your server, do you have specific IP addresses you can use instead? The reason why I ask is because allowing anyone VNC access to your server is not secure and people who have done this before have been hacked.
0
MetsJetsVAAuthor Commented:
Thank you very much for getting back to me on this.  Before I post this to the router if you could let me know if there is anything I can do about the security risk it would be greatly appreciated.
0
OzNetNerdCommented:
See this page, http://www.ciscoblog.com/2006/12/configuring-a-c.html , it is a blog post in a Cisco Blog that I regularly. The host allowed RDP and VNC traffic out on to the internet and was hacked, so he decided to write a blog post about how the two protocols securely, however, it involves a VPN which I believe you already have?
0
OzNetNerdCommented:
See this page, http://www.ciscoblog.com/2006/12/configuring-a-c.html , it is a blog post in a Cisco Blog that I regularly. The host allowed RDP and VNC traffic out on to the internet and was hacked, so he decided to write a blog post about how the two protocols securely, however, it involves a VPN which I believe you already have for other purposes?

"I am trying to access workstations via VNC in our office when I am on the road and unable to connect to VPN."

Is there a reason why you cannot VPN in when  you are out of the office?
0
MetsJetsVAAuthor Commented:
Thanks again for getting back to me.  I am trying to allow access with handheld devices via VNC and I cannot establish a VPN with the handheld so I thought that an IP VNC might be a good solution.  If you have an alternative suggestion that would be great.

I have tried to issue the no access-list command above and then pasting the Access list you provided.  I thought I would just take a quick look and see if that took care of the problem. Unfortunately I am not able to paste the code back into the router.  It seems to disconnect after pasting about 4 lines.  I have tried with both Tera Term and Hyperterminal. Any suggestions.

Once again thanks for your help
0
OzNetNerdCommented:
Not a problem, I'm glad I am able to help.

Are you sure it is disconnecting you? What happens if you keep pressing enter?

Are you pasting the lines locally (directly connected to the router through a LAN cable or console cable) or are you trying to connect remotely (through a VPN connection?)

Also, try pasting the ACL in small parts, e.g four lines at a time. The programs that people use to access their routers have buffers, so if you try to paste too much in one go, the program will not allow it.

Also, does the router keep disconnecting at the same line in the ACL? If so, what line is it?

0
MetsJetsVAAuthor Commented:
Thanks again and it is really great that you volunteer your time to help guys like me!

In the status bar on the bottom of terminal it shows disconnected.  I did try pressing enter a number of times and that did not help.

I am pasting the lines at a remote site through a VPN.  If you feel I should try this when I am local I will work on it when I am in the office, although that will probably not be until next week some time.

It was freezing after line 3 and sometimes it got to line 4 in the code you gave me to paste.

Is there a workaround other than the link you gave me for the security risk.  If not maybe I should scrap the idea of connecting in this way.  Please let me know your opinion.

Thanks
0
OzNetNerdCommented:
Not a problem at all, I am glad to help everyone out where ever I can :)

hmm, lines three and four were part of your existing ACL so should paste AOK. How are you re-gaining access to the router after you get disconnected?

To be honest, if the remote devices cannot VPN or perform some sort of secure connection, then you should scrap the idea. It just isn't worth the risk.

What devices are you using? Do they have any VPN clients for them? Also, perhaps take a look at sites like http://www.logmein.com - basically it allows you to VPN in just by going to a website, so you don't need to do anything over the top to set it up. (Well you do need to install a client on the PC(s) you want to connect to).

Another alternative that we've used (here in Australia, but I'm sure other countries would have it too), we use mobile SIM cards for 3G connections and our ISP allows us to use an "APN" (access point name, basically a wireless profile) that when used, it automatically creates an encrypted VPN connection to our office, perhaps your ISP could do the same?

Let me know what you think :)
0
OzNetNerdCommented:
Here is another link for LogMeIn - https://secure.logmein.com/products/hamachi2/

They took over another VPN solution named Hamachi and it looks like they have provided the two products.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
MetsJetsVAAuthor Commented:
Put me in the right direction.  Really appreciate the help and having this forum available.
0
OzNetNerdCommented:
Thanks for the points buddy, I'm glad I could help!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.