Solved

Remote user access to applications in our network

Posted on 2011-09-08
Last Modified: 2012-05-12
So I have an unusual situation where we have users at remote sites on clients' networks. Most of these clients are locked down with firewalls, and trying to get them to open certain ports is like pulling teeth. One port that is always open is port 80. I was wondering if anyone knows of a way or device we can use to port everything out 80 to our network and have it go to the right ports. I know this probably does not make any sense, but I was thinking of encapsulation or something.

Any ideas?
Question by:clynch302
14 Comments
 
LVL 3

Expert Comment

by:sofsol
ID: 36505420
There’s a product that enables remote access to Windows applications called GO-Global. The regular product, GO-Global Host, gets installed on the machine with the application to be accessed, and that machine needs to have port 491 opened – i.e. at the host end. But remote users can connect from a web browser, so the remote client only needs port 80 open. For this solution to work they do need to install an ActiveX client in their browser. There is a further layer to GO-Global available called GO-Global Cloud that uses Adobe AIR within a browser, meaning the remote user would only require Flash installed in their browser. They would connect from their browser to GO-Global Cloud at the host end, then GO-Global Cloud would pass the connection on to GO-Global Host. More information at http://www.graphon.com.
0
 
LVL 26

Expert Comment

by:Soulja
ID: 36505607
They don't allow SSL out? I'm pretty sure they do. If so, see if you can set up SSL VPN with your customers.
0
 

Author Comment

by:clynch302
ID: 36505687
They probably do allow SSL out. So if I am running Lotus Notes client which uses port 1352 to connect to my Domino server, how would I set up SSL VPN to access my Domino server using port 1352?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 36505785
It depends on the type of network hardware you have at your site. SSL VPN will allow the user to VPN into your network. They will essentially be on a designated subnet on your network that you will allow/restrict access to your network resources.
0
 

Author Comment

by:clynch302
ID: 36505824
I do have a VPN set up here at the corporate
0
 
LVL 26

Expert Comment

by:Soulja
ID: 36505861
That is not necessarily SSL VPN. Can you confirm how your VPN is set up? What type? What type of head-end equipment will be handling the VPN, and does it even have SSL VPN capabilities?
0
 

Author Comment

by:clynch302
ID: 36506078
I have an ISA 2006 acting as the VPN. The remote sites right now have nothing but what the client gives them.
0
 
LVL 26

Accepted Solution

by:
Soulja earned 500 total points
ID: 36506221
Okay, ISA supports SSL VPN. Unfortunately, I don't know how to configure that, but here is a tutorial that may lead you in the right direction. I do believe creating an SSL VPN will be a great solution for your situation though.

http://www.isaserver.org/tutorials/Publishing-Windows-Server-2008-SSL-VPN-Server-Using-ISA-2006-Firewalls-Part1.html
0
 

Author Comment

by:clynch302
ID: 36506793
Thank you for the link. I think that makes a lot of sense now.

One last idiotic question... My boss seems to think that there is a device that can encapsulate traffic to port 80 and have another device on the receiving end that would de-encapsulate the traffic back to the original ports. I have never heard of such a device, have you?
0
 
LVL 26

Expert Comment

by:Soulja
ID: 36507049
Nope, never heard of the device.
0
 
LVL 10

Expert Comment

by:doninja
ID: 36528572
The only additional idea is to use some tunneling software that creates a virtual network device between the client and the remote server.

Look at LogMeIn Hamachi as an example.
Software is installed on client and server and creates an additional virtual network using standard HTTP ports between 2 or more machines. This uses a private 5.x.x.x address so it should not interfere with normal network operations.

Have used this to access servers including domino, file and print access, SQL etc from behind firewalled sites.

Hamachi will try to talk directly on port 12975 by default but will contact a central server and create a relayed tunnel to the destination server using port 443 if not successful.
All traffic would then be relayed using the central server (slower than a direct connection, of course).
At the receiving end any traffic is received on the virtual network address using the port applicable to that application (1352 for Notes etc.).
0
 

Author Comment

by:clynch302
ID: 36529982
I've requested that this question be closed as follows:

Accepted answer: 0 points for clynch302's comment http:/Q_27298267.html#36506793

for the following reason:

Thanks Doninja for the info. I think SSL VPN is the way to go for our environment. I looked at some devices that support SSL VPN and it looks promising.
0
 

Author Comment

by:clynch302
ID: 36529983
I meant to award Soulja the points....sorry
0
 

Author Closing Comment

by:clynch302
ID: 36529985
Thank you...
0
