• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 435
  • Last Modified:

Remote user access to applications in our network

So I have an unusual situation where we have users at remote site on clients network. Most of these clients are locked down with firewalls and trying to get them to open certain ports is like pulling teeth. One port that is always open is port 80. I was wondering if anyone knows of a way or device we can use to port everything out 80 to our network and have it go to the right ports. I know this probably does not make any sense but I was thinking of encapsulation or something.

Any ideas?
0
clynch302
Asked:
clynch302
1 Solution
 
sofsolCommented:
There’s a product that enables remote access to Windows applications called GO-Global. The regular product, GO-Global Host, gets installed on the machine with the application to be accessed and that machine needs to have port 491 opened – ie at the host end. But remote users can connect from a web browser so the remote client only needs port 80 open. For this solution to work they do need to install an ActiveX client in their browser. There is a further layer to GO-Global available called GO-Global Cloud that uses Adobe AIR within a browser meaning the remote user would only require Flash installed in their browser. They would connect from their browser to GO-Global Cloud at the host end, then GO-Global Cloud would pass the connection on to GO-Global Host. More information at http://www.graphon.com.
0
 
SouljaCommented:
They don't allow SSL out? I'm pretty sure they do. If so, see if you can set up SSL vpn with your customers.
0
 
clynch302Author Commented:
They probably do allow SSL out. So if I am running Lotus Notes client which uses port 1352 to connect to my Domino server, how would I set up SSL VPN to access my Domino server using port 1352?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
SouljaCommented:
It depends on the type of network hardware you have at your site. SSL vpn will allow the user to VPN into your network. They will essentially be on a designated subnet on your network that you will allow/restrict access to your network resources.
0
 
clynch302Author Commented:
I do have a VPN set up here at the corporate
0
 
SouljaCommented:
That is not necessarily ssl vpn. Can you confirm how your vpn is setup? What type? What type of head end equipment will be handling the vpn and if it even has ssl vpn capabilities.
0
 
clynch302Author Commented:
I have a ISA 2006 acting as the VPN. The remotes sites right now have nothing but what the client gives them.
0
 
SouljaCommented:
Okay, ISA supports SSL vpn. Unfortunately, I don't know how to configure that, but here is a tutorial that may lead you in the right direction. I do believe create SSL vpn will be a great solution for your situation though.

http://www.isaserver.org/tutorials/Publishing-Windows-Server-2008-SSL-VPN-Server-Using-ISA-2006-Firewalls-Part1.html
0
 
clynch302Author Commented:
Thank you for the link. I think that makes a lot of sense now.

One last idiotic questions... My boss seems to think that there is a device that can encapsulate traffic to port 80 and have another device on the receiving end that would de-encapsulate the traffic back to the original ports. I have never heard of such a device, have you?
0
 
SouljaCommented:
Nope, never heard of the device.
0
 
doninjaCommented:
The only additional idea is to use some tunneling software that creates a virtual network device between the client and the remote server.

Look at Logmein Hamachi as example.
Software is installed on client and server and creates an additional virtual network using standard http ports bettween 2 or more machines. This uses a private 5.x.x.x address so it should not interfere with normal network operations.

Have used this to access servers including domino, file and print access, SQL etc from behind firewalled sites.

Hamachi will try to talk directly on port 12975 by default but will contact a central server and create a relayed tunnel to destination server using port 443 if not succesful.
All traffic would then be relayed using the central server (slower than direct connection of course)
At the receiving end any traffic is received on the virtual network address using the port applicable to that application (1352 for notes etc)
0
 
clynch302Author Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for clynch302's comment http:/Q_27298267.html#36506793

for the following reason:

Thanks Doninja for the info. I think SSL Vpn is the way to go for our environment. I looked at some devices that support SSL VPN and it looks promising. .
0
 
clynch302Author Commented:
I meant to award Soulja the points....sorry
0
 
clynch302Author Commented:
Thank you...
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now