Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
422
Views
5
Helpful
4
Replies

CISCO871W-G-A-K9 – Need Support For MS Remote Assistance

tdoran1
Level 1
Level 1

‎01-23-2006 12:04 PM - edited ‎03-03-2019 11:32 AM

We need to be able to ACCEPT REMOTE ASSISTANCE REQUESTS (EXPERT) trough our C871W from our clients that may or may not have an UPnP (Universal Plug and Play) compliant security device as they SEND REMOTE ASSISTANCE REQUESTS (NOVICE).

It is imperative that we obtain ASAP a “solution” (workaround or whatever) from CISCO (or anyone else) that permits the C871W as well as the C1841 (when received) to be able to ACCEPT REMOTE ASSISTANCE REQUESTS (EXPERT) at all times from any type (UPnP, NoN-UPnP, No Device et al.) of incoming SEND REMOTE ASSISTANCE REQUESTS (NOVICE) from our clients.

The site location with the C871W had a Webramp security device (several years ago to last year), then tried a SonicWall (rejected after two weeks due to no REMOTE ASSISTANCE support), then a Linksys RV082 (C871W must faster in throughput then RV082), and now the C871W.

We also will be operating a “site-to-site” VPN between the C871W and the C1841.

We support very small SMB clients (usually under 25 users), there is just no other simple affordable remote client solution for them to use, and that requires no configuration of their systems for this support mechanism.

HELP!

Thanks,

Tim

Labels:
0 Helpful
4 Replies 4

twojciac
Level 1
Level 1

‎01-23-2006 10:26 PM

Site to site VPN is your solution... as long as you're either allocating unique private address space to each customer, or doing static NAT (not PAT) over your VPN.

If the user send the request via e-mail or creates the file, the xml will contain the private ip address of the computer. As long as your site to site vpn is setup correctly, you'll be able to reach the remote computer on tcp/3389.

tdoran1
Level 1
Level 1
In response to twojciac

‎01-24-2006 06:23 AM

This is a “good idea” of using a VPN, however it does not meet the required “simplicity” criteria that I originally stated:

“We support very small SMB clients (usually under 25 users), there is just no other simple affordable remote client solution for them to use, and that requires no configuration of their systems for this support mechanism.”

Thus, what I am looking for is the following:

- No configuration, modification of any client (VPN) or software on client’s system

- “Dumb & Stupid” level of complexity and operation – Our clients have issues even with simple tasks such as “cut & paste” – That is why I am avoiding using PCAnywhere or similar.

- Perceived client “mindset” of being “in-control” (security and/changes to system)

The Microsoft Remote Assistance (see attached file) offers the above, meets the “criteria”, and often allows us to do quick “one off” (new client, one time issue solving) remote evaluations without a “site visit” which can be difficult as it can take us one hour to go fifteen miles due to traffic conditions, as we operate in the Hampton’s, and summer traffic is a “no go”.

We (and many of our clients) are receiving our internet feed from a CMTS headend through Cablevision, Bethpage, New York (service referred to as OptOnline), and thus have no “static IP address assignments”. Traditional data circuits are not an option for SMB clients out in this area, as costs can average over $ 1,000.00 per month or more due to “mileage” and other factors. Any form of DSL is usually “not available”, as the LEC VZ will not go past 15,000 wire feet from CO.

I believe the issue here is just not PORT 3389 (and several other MS PORTS that have been “opened” that may be “related”), but lack of UPnP support by Cisco; and I now strongly suspect that there is no “workaround”. Moreover, we do have 3389 “open”.

Router(config)# access-list 103 permit tcp any any eq 3389

Router(config)# access-list 103 permit udp any any eq 3389

Router(config)# access-list 103 permit tcp any any eq 135

Router(config)# access-list 103 permit udp any any eq 135

Router(config)# access-list 103 permit tcp any any eq 445

Router(config)# access-list 103 permit udp any any eq 445

Router(config)# access-list 103 permit tcp any any eq 2869

Router(config)# access-list 103 permit udp any any eq 2869

Router(config)# access-list 103 permit tcp any any eq 1900

Router(config)# access-list 103 permit udp any any eq 1900

We have TAC Case # 602838861 “open” on this issue, but it is not exactly getting anywhere either over the last few days.

I might have to ask my good Cisco friends, Mike Volpi (mvolpi) and Joseph Pinto (jpinto), as they have assisted with some “strange” technical issues previously, for a new “feature request”; but as you know that will not happen quickly.

This Microsoft Remote Assistance worked fine two weeks ago with the Linksys RV082 without any “fancy modification” of it configuration, but the Linksys could not handle the ISP (Cablevision, Bethpage, New York (service referred to as OptOnline)) new increased bandwidth of 15/2Mbps, soon 30/2Mbps (with 50/50Mbps to be available). The Linksys RV082 is UPnP “compliant”.

Any further ideas?

Thanks,

Tim

16566-RA_DOCS.rar
0 Helpful

twojciac
Level 1
Level 1
In response to tdoran1

‎01-24-2006 07:20 AM

I interpreted the original post to state that you will be operating a site to site VPN between your router and the clients router. If this is true, there would be no need for the clients to start a VPN client, or do anything out of the ordinary to request assistance. By sending a request for help via e-mail, it will send the xml file which will contain their IP address (which can be reachable via the site to site VPN).

If you wanted to use TightVNC or another remote control program, you could even rely on a centralized WINS server for dynamic name resolution of all of the client PCs.

If UPnP is a hard and fast requirement, a feature request would have to be submitted if one hasn't already been filed.

tdoran1
Level 1
Level 1
In response to twojciac

‎01-24-2006 04:50 PM

Sorry for the confusion. . .

The C871W and C1841 should both be able to receive Microsoft Remote Assistance Requests. The C871W is located in my home, from where I often dispatch, and the C1841 will be located in the shop. There will a “site-to-site” VPN between them (probably GRE SPLIT EIGRP).

However, that does not mitigate the serious fact that a “key” function of our business is done “holding our client’s hands” remotely though Microsoft Remote Assistance, and often correcting their too frequent “boo-boo’s”; thusly both the C871W and C1841 must support receiving Microsoft Remote Assistance Requests.

Some of clients even confuse “left” and “right” mouse buttons, thus the “no touch” solution such as Microsoft Remote Assistance works very well for us.

Just opening port 3389 does not seem to “do it”, thus I believe it is because Microsoft Remote Assistance is an “UPnP (Universal Plug and Play)” application with very limited alternative communications connection ability built into the application.

I suspect it would be a “feature request”, but I doubt there would be enough interest for it to make it to “production”, and it would not be a “fast” process.

I think it would be a good feature to add, considering the new SMB market sales push by Cisco, and the market the C850/C870 ISR’s target.

Especially considering the Cisco is trending toward “self configuration” through SDM by the end user on C850/C870 ISR’s; having UPnP a “selectable option” (defaulting to not enabled) in SDM (and SDM Express) would help this type of end user greatly.

I sent out an email this morning to Joseph Pinto (jpinto) who will not be back in his campus office until Thursday expressing the above issues.

Thanks,

Tim

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card