I have a customer who has the following topology:
WAN--UC520--CE520--Phones and PCs
My customer has been using VPN and thus been able to remotely access the PCs. Now he is not very happy with the VPN (which is an entirely different story), and would like to access those PCs without an actual VPN connection. Is there any device that would be able to support this kind of access?
I understand that a Microsoft TS gateway could be used for this, but would need an SSL connection/certificate of some sort. Can the UC520 provide this?
Any help would be greatly appreciated!
You could open ports 3389 to one computer, 3390 to another, and 3391 to another. The firewall could translate the port to the correct computer and you would only need RDP.
Alternatively, would the customer be happy with an SSLVPN to the UC500?
Yes, a TS Gateway can be used with the UC520. The UC520 does not need any additional SSL certificates installed on it because the TS Gateway will be terminating the SSL connections.
Here is what needs to be done in order for this to happen:
- A DNS A entry pointing to the UC520 WAN IP address. This can be accomplished by either using Dynamic DNS (DDNS), or by having a static DNS A entry plus a static IP address on the UC520.
- SSL certificate has the correct DNS hostname.
- SSL certificate is actually installed on the TS gateway server, because SSL traffic will be port forwarded to the TS gateway server.
- SSL port 443 on UC520 WAN interface is port forwarded to the TS gateway server. This can be done in Cisco Configuration Assistant.
- TS gateway server reachable from the UC520 and connected behind the UC520.
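
A pre-flight check for the checklist above, as an added example that is not part of the original reply: run from outside the LAN, it confirms that the DNS name resolves to the UC520 WAN address and that the certificate presented through the port 443 forward covers that name. The hostname, the address and the function names are constructed for illustration.

```python
import socket
import ssl

def san_matches(cert, hostname):
    """True if a DNS subjectAltName in a getpeercert() dict covers hostname."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".")
        if pattern == host:
            return True
        # A wildcard covers exactly one left-most label: *.example.com
        if pattern.startswith("*.") and "." in host and host.split(".", 1)[1] == pattern[2:]:
            return True
    return False

def evaluate(hostname, wan_ip, resolved_ips, cert):
    """Return the checklist items that fail; an empty list means all pass."""
    problems = []
    if wan_ip not in resolved_ips:
        problems.append(f"DNS: {hostname} resolves to {sorted(resolved_ips)}, not {wan_ip}")
    if cert is None:
        problems.append("TLS: handshake on 443 failed (port forward, gateway or untrusted chain)")
    elif not san_matches(cert, hostname):
        problems.append(f"CERT: certificate does not cover {hostname}")
    return problems

def probe(hostname, wan_ip, port=443, timeout=5):
    """Live check: resolve the name, connect to the WAN IP, fetch the certificate."""
    ctx = ssl.create_default_context()   # the chain is still validated
    ctx.check_hostname = False           # the name is checked in evaluate() instead
    resolved, cert = set(), None
    try:
        resolved = {ai[4][0] for ai in socket.getaddrinfo(hostname, port, socket.AF_INET)}
    except OSError:
        pass                             # failed lookup is reported as a DNS problem
    try:
        with socket.create_connection((wan_ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except OSError:
        pass                             # failed handshake is reported as a TLS problem
    return evaluate(hostname, wan_ip, resolved, cert)

# Constructed sample values (documentation address range, placeholder hostname)
SAMPLE_CERT = {"subjectAltName": (("DNS", "remote.example.com"),)}
if __name__ == "__main__":
    print(evaluate("remote.example.com", "203.0.113.10", {"203.0.113.10"}, SAMPLE_CERT))
```

For a real deployment, call `probe()` with the public hostname and the UC520 WAN address from a machine outside the LAN.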