Remote user access to applications in our network
So I have an unusual situation where we have users at remote site on clients network. Most of these clients are locked down with firewalls and trying to get them to open certain ports is like pulling teeth. One port that is always open is port 80. I was wondering if anyone knows of a way or device we can use to port everything out 80 to our network and have it go to the right ports. I know this probably does not make any sense but I was thinking of encapsulation or something.
Any ideas?
Any ideas?
sofsol
There’s a product that enables remote access to Windows applications called GO-Global. The regular product, GO-Global Host, gets installed on the machine with the application to be accessed and that machine needs to have port 491 opened – ie at the host end. But remote users can connect from a web browser so the remote client only needs port 80 open. For this solution to work they do need to install an ActiveX client in their browser. There is a further layer to GO-Global available called GO-Global Cloud that uses Adobe AIR within a browser meaning the remote user would only require Flash installed in their browser. They would connect from their browser to GO-Global Cloud at the host end, then GO-Global Cloud would pass the connection on to GO-Global Host. More information at http://www.graphon.com.
They don't allow SSL out? I'm pretty sure they do. If so, see if you can set up SSL vpn with your customers.
ASKER
They probably do allow SSL out. So if I am running Lotus Notes client which uses port 1352 to connect to my Domino server, how would I set up SSL VPN to access my Domino server using port 1352?
It depends on the type of network hardware you have at your site. SSL vpn will allow the user to VPN into your network. They will essentially be on a designated subnet on your network that you will allow/restrict access to your network resources.
ASKER
I do have a VPN set up here at the corporate
That is not necessarily ssl vpn. Can you confirm how your vpn is setup? What type? What type of head end equipment will be handling the vpn and if it even has ssl vpn capabilities.
ASKER
I have a ISA 2006 acting as the VPN. The remotes sites right now have nothing but what the client gives them.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for the link. I think that makes a lot of sense now.
One last idiotic questions... My boss seems to think that there is a device that can encapsulate traffic to port 80 and have another device on the receiving end that would de-encapsulate the traffic back to the original ports. I have never heard of such a device, have you?
One last idiotic questions... My boss seems to think that there is a device that can encapsulate traffic to port 80 and have another device on the receiving end that would de-encapsulate the traffic back to the original ports. I have never heard of such a device, have you?
Nope, never heard of the device.
The only additional idea is to use some tunneling software that creates a virtual network device between the client and the remote server.
Look at Logmein Hamachi as example.
Software is installed on client and server and creates an additional virtual network using standard http ports bettween 2 or more machines. This uses a private 5.x.x.x address so it should not interfere with normal network operations.
Have used this to access servers including domino, file and print access, SQL etc from behind firewalled sites.
Hamachi will try to talk directly on port 12975 by default but will contact a central server and create a relayed tunnel to destination server using port 443 if not succesful.
All traffic would then be relayed using the central server (slower than direct connection of course)
At the receiving end any traffic is received on the virtual network address using the port applicable to that application (1352 for notes etc)
Look at Logmein Hamachi as example.
Software is installed on client and server and creates an additional virtual network using standard http ports bettween 2 or more machines. This uses a private 5.x.x.x address so it should not interfere with normal network operations.
Have used this to access servers including domino, file and print access, SQL etc from behind firewalled sites.
Hamachi will try to talk directly on port 12975 by default but will contact a central server and create a relayed tunnel to destination server using port 443 if not succesful.
All traffic would then be relayed using the central server (slower than direct connection of course)
At the receiving end any traffic is received on the virtual network address using the port applicable to that application (1352 for notes etc)
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for clynch302's comment http:/Q_27298267.html#36506793
for the following reason:
Thanks Doninja for the info. I think SSL Vpn is the way to go for our environment. I looked at some devices that support SSL VPN and it looks promising. .
Accepted answer: 0 points for clynch302's comment http:/Q_27298267.html#36506793
for the following reason:
Thanks Doninja for the info. I think SSL Vpn is the way to go for our environment. I looked at some devices that support SSL VPN and it looks promising. .
ASKER
I meant to award Soulja the points....sorry
ASKER
Thank you...