Remote computer Access Without VPN

Answered Question
Jan 6th, 2010

Hello,

I have a customer, who has the following topology.

WAN--UC520--CE520--Phones and PCs

My customer has been using VPN and has thus been able to remotely access the PCs. Now he is not very happy with the VPN (which is an entirely different story), and would like to access those PCs without an actual VPN connection. Is there any device that would be able to support this kind of access?

I understand that a Microsoft TS gateway could be used for this, but it would need an SSL connection/certificate of some sort. Can the UC520 provide this?

Any help would be greatly appreciated!

Regards,

Prasanna

Correct Answer
John Platts Wed, 01/06/2010 - 11:52

Yes, a TS Gateway can be used with the UC520. The UC520 does not need any additional SSL certificates installed on it because the TS Gateway will be terminating the SSL connections.

Here is what needs to be done in order for this to happen:

  • A DNS A entry pointing to UC520 WAN IP address. This can be accomplished by either using Dynamic DNS (DDNS), or by having a static DNS A entry plus a static IP address on the UC520.
  • SSL certificate has the correct DNS hostname.
  • SSL certificate is actually installed on the TS gateway server, because SSL traffic will be port forwarded to the TS gateway server.
  • SSL port 443 on UC520 WAN interface is port forwarded to the TS gateway server. This can be done in Cisco Configuration Assistant.
  • TS gateway server reachable from the UC520 and connected behind the UC520.
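
The checklist above can be verified from outside the LAN before users are pointed at the gateway. The following is an added example, not code from the thread or from Cisco or Microsoft: the function names are hypothetical, and it assumes the TS Gateway certificate chains to a publicly trusted CA.

```python
# Added example: function names are illustrative assumptions, not from the thread.
import socket
import ssl
from datetime import datetime, timedelta, timezone

def name_matches(pattern, hostname):
    """A wildcard certificate name covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_problems(cert, hostname, now=None, min_days=30):
    """Check a dict shaped like SSLSocket.getpeercert() against the public name."""
    now = now or datetime.now(timezone.utc)
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(s, hostname) for s in sans):
        problems.append(f"certificate names {sans} do not cover {hostname}")
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires - now < timedelta(days=min_days):
        problems.append(f"certificate expires {expires:%Y-%m-%d}")
    return problems

def dns_problems(resolved_ips, wan_ip):
    """The A record must point at the WAN address that forwards port 443."""
    if wan_ip in resolved_ips:
        return []
    return [f"A record gives {sorted(resolved_ips)}, expected {wan_ip}"]

def preflight(hostname, wan_ip, port=443, timeout=5.0):
    """Run from outside the LAN: DNS, the 443 forward, then the certificate."""
    try:
        infos = socket.getaddrinfo(hostname, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [f"{hostname} does not resolve: {exc}"]
    problems = dns_problems({info[4][0] for info in infos}, wan_ip)
    try:
        with socket.create_connection((wan_ip, port), timeout=timeout) as raw:
            ctx = ssl.create_default_context()  # verifies chain and hostname
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                problems += cert_problems(tls.getpeercert(), hostname)
    except ssl.SSLCertVerificationError as exc:
        problems.append(f"TLS verification failed: {exc.verify_message}")
    except OSError as exc:
        problems.append(f"{wan_ip}:{port} unreachable or TLS failed: {exc}")
    return problems
```

Calling `preflight("remote.example.com", "203.0.113.10")` (constructed placeholder values) returns an empty list when the A record, the port 443 forward and the certificate all line up. A certificate issued only for the server's internal name shows up as a verification failure.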
Correct Answer
Steven Smith Wed, 01/06/2010 - 12:07

You could open ports 3389 to one computer, 3390 to another, and 3391 to another. The firewall could translate the port to the correct computer and you would only need RDP.

Alternatively, would the customer be happy with an SSLVPN to the UC500?

psingaraju Wed, 01/06/2010 - 12:36

Thanks Steve, I have it set up this way for now.

I will try the TS gateway and let you know how that goes.

SSLVPN is already enabled, but "this is still a VPN connection" is my customer's argument. (Someone who despises secure connections, I guess ;))

Thanks again!

Cheers,

Prasanna
