Remote computer Access Without VPN

Answered Question
Jan 6th, 2010
User Badges:

Hello,


I have a customer, who has the following topology.


WAN--UC520--CE520--Phones and PCs


My customer has been using VPN and thus been able to remotely access the PCs. Now he is not very happy with the VPN ( Which is an entirely different story), and would like to access those PCs without an actual VPN connection. Is there any device that would be able to support this kind of access?


I understand that a Microsoft TS gateway could be used for this, but would need an SSL connection/certificate of some sort, can the UC520 provide this?

Any help would be greatly appreciated!


Regards,


Prasanna

Correct Answer by Steven Smith about 7 years 5 months ago

You could open ports 3389 to one computer, 3390 to another, and 3391 to another.  The firewall could translate the port to the correct computer and you would only need RDP.


Alternatively, would the customer be happy with a SSLVPN to the UC500?

Correct Answer by John Platts about 7 years 5 months ago

Yes, a TS Gateway can be used with the UC520. The UC520 does not need any additional SSL certificates installed on it because the TS Gateway will be terminating the SSL connections.


Here is what needs to be done in order for this to happen:

  • A DNS A entry pointing to UC520 WAN IP address. This can be accomplished by either using Dynamic DNS (DDNS), or by having a static DNS A entry plus a static IP address on the UC520.
  • SSL certificate has the correct DNS hostname.
  • SSL certificate is actually installed on the TS gateway server, because SSL traffic will be port forwarded to the TS gateway server.
  • SSL port 443 on UC520 WAN interface is port forwarded to the TS gateway server. This can be done in Cisco Configuration Assistant.
  • TS gateway server reachable from the UC520 and connected behind the UC520.
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
John Platts Wed, 01/06/2010 - 11:52
User Badges:
  • Silver, 250 points or more

Yes, a TS Gateway can be used with the UC520. The UC520 does not need any additional SSL certificates installed on it because the TS Gateway will be terminating the SSL connections.


Here is what needs to be done in order for this to happen:

  • A DNS A entry pointing to UC520 WAN IP address. This can be accomplished by either using Dynamic DNS (DDNS), or by having a static DNS A entry plus a static IP address on the UC520.
  • SSL certificate has the correct DNS hostname.
  • SSL certificate is actually installed on the TS gateway server, because SSL traffic will be port forwarded to the TS gateway server.
  • SSL port 443 on UC520 WAN interface is port forwarded to the TS gateway server. This can be done in Cisco Configuration Assistant.
  • TS gateway server reachable from the UC520 and connected behind the UC520.
Correct Answer
Steven Smith Wed, 01/06/2010 - 12:07
User Badges:
  • Gold, 750 points or more

You could open ports 3389 to one computer, 3390 to another, and 3391 to another.  The firewall could translate the port to the correct computer and you would only need RDP.


Alternatively, would the customer be happy with a SSLVPN to the UC500?

psingaraju Wed, 01/06/2010 - 12:36
User Badges:

Thanks Steve, I have it set up this way for now.


I will try the TS gateway and let you know how that goes.


SSLVPN is already enabled, but this still is a VPN connection is my customer's argument.(Someone who despises secure connections I guesses ;))


Thanks again!


Cheers,

Prasanna

Actions

This Discussion