01-23-2006 12:04 PM - edited 03-03-2019 11:32 AM
We need to be able to ACCEPT REMOTE ASSISTANCE REQUESTS (EXPERT) through our C871W from our clients that may or may not have an UPnP (Universal Plug and Play) compliant security device as they SEND REMOTE ASSISTANCE REQUESTS (NOVICE).
It is imperative that we obtain ASAP a solution (workaround or whatever) from CISCO (or anyone else) that permits the C871W as well as the C1841 (when received) to be able to ACCEPT REMOTE ASSISTANCE REQUESTS (EXPERT) at all times from any type (UPnP, NoN-UPnP, No Device et al.) of incoming SEND REMOTE ASSISTANCE REQUESTS (NOVICE) from our clients.
The site location with the C871W had a Webramp security device (several years ago to last year), then tried a SonicWall (rejected after two weeks due to no REMOTE ASSISTANCE support), then a Linksys RV082 (C871W much faster in throughput than RV082), and now the C871W.
We also will be operating a site-to-site VPN between the C871W and the C1841.
We support very small SMB clients (usually under 25 users), there is just no other simple affordable remote client solution for them to use, and that requires no configuration of their systems for this support mechanism.
HELP!
Thanks,
Tim
01-23-2006 10:26 PM
Site to site VPN is your solution... as long as you're either allocating unique private address space to each customer, or doing static NAT (not PAT) over your VPN.
If the user sends the request via e-mail or creates the file, the XML will contain the private IP address of the computer. As long as your site-to-site VPN is set up correctly, you'll be able to reach the remote computer on tcp/3389.
01-24-2006 06:23 AM
This is a good idea of using a VPN, however it does not meet the required simplicity criteria that I originally stated:
We support very small SMB clients (usually under 25 users), there is just no other simple affordable remote client solution for them to use, and that requires no configuration of their systems for this support mechanism.
Thus, what I am looking for is the following:
- No configuration, modification of any client (VPN) or software on client's system
- Dumb & Stupid level of complexity and operation. Our clients have issues even with simple tasks such as cut & paste. That is why I am avoiding using PCAnywhere or similar.
- Perceived client mindset of being in-control (security and/changes to system)
The Microsoft Remote Assistance (see attached file) offers the above, meets the criteria, and often allows us to do quick one off (new client, one time issue solving) remote evaluations without a site visit which can be difficult as it can take us one hour to go fifteen miles due to traffic conditions, as we operate in the Hamptons, and summer traffic is a no go.
We (and many of our clients) are receiving our internet feed from a CMTS headend through Cablevision, Bethpage, New York (service referred to as OptOnline), and thus have no static IP address assignments. Traditional data circuits are not an option for SMB clients out in this area, as costs can average over $1,000.00 per month or more due to mileage and other factors. Any form of DSL is usually not available, as the LEC VZ will not go past 15,000 wire feet from CO.
I believe the issue here is just not PORT 3389 (and several other MS PORTS that have been opened that may be related), but lack of UPnP support by Cisco; and I now strongly suspect that there is no workaround. Moreover, we do have 3389 open.
Router(config)# access-list 103 permit tcp any any eq 3389
Router(config)# access-list 103 permit udp any any eq 3389
Router(config)# access-list 103 permit tcp any any eq 135
Router(config)# access-list 103 permit udp any any eq 135
Router(config)# access-list 103 permit tcp any any eq 445
Router(config)# access-list 103 permit udp any any eq 445
Router(config)# access-list 103 permit tcp any any eq 2869
Router(config)# access-list 103 permit udp any any eq 2869
Router(config)# access-list 103 permit tcp any any eq 1900
Router(config)# access-list 103 permit udp any any eq 1900
We have TAC Case # 602838861 open on this issue, but it is not exactly getting anywhere either over the last few days.
I might have to ask my good Cisco friends, Mike Volpi (mvolpi) and Joseph Pinto (jpinto), as they have assisted with some strange technical issues previously, for a new feature request; but as you know that will not happen quickly.
This Microsoft Remote Assistance worked fine two weeks ago with the Linksys RV082 without any fancy modification of its configuration, but the Linksys could not handle the ISP's (Cablevision, Bethpage, New York (service referred to as OptOnline)) new increased bandwidth of 15/2Mbps, soon 30/2Mbps (with 50/50Mbps to be available). The Linksys RV082 is UPnP compliant.
Any further ideas?
Thanks,
Tim
01-24-2006 07:20 AM
I interpreted the original post to state that you will be operating a site-to-site VPN between your router and the client's router. If this is true, there would be no need for the clients to start a VPN client, or do anything out of the ordinary to request assistance. By sending a request for help via e-mail, it will send the XML file which will contain their IP address (which can be reachable via the site-to-site VPN).
If you wanted to use TightVNC or another remote control program, you could even rely on a centralized WINS server for dynamic name resolution of all of the client PCs.
If UPnP is a hard and fast requirement, a feature request would have to be submitted if one hasn't already been filed.
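The point made in the replies above, that the invitation's XML carries the requesting PC's own address, can be checked on a received invitation before trying to connect. This is an added example, not part of the thread: it assumes the XP-era invitation layout (an `UPLOADDATA` element whose `RCTICKET` attribute holds `65538,1,<host:port;...>,...`), and the sample invitation, host name and key placeholders are constructed.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample invitation (not from the thread). Assumed layout:
# UPLOADDATA/@RCTICKET = "65538,1,<host:port;host:port;...>,..."
# Key-material fields are replaced with the word PLACEHOLDER.
SAMPLE_INVITATION = (
    '<?xml version="1.0" encoding="Unicode" ?>'
    '<UPLOADINFO TYPE="Escalated"><UPLOADDATA USERNAME="novice" '
    'RCTICKET="65538,1,192.168.1.100:3389;169.254.7.9:3389;FRONTDESK:3389,*,'
    'PLACEHOLDER,*,*,PLACEHOLDER" RCTICKETENCRYPTED="0" '
    'DtStart="1138000000" DtLength="60" PassStub="" L="0" /></UPLOADINFO>'
)


def ticket_endpoints(invitation_xml):
    """Return [(host, port), ...] advertised in the invitation's RCTICKET."""
    # Drop the XML declaration so its encoding label cannot interfere.
    body = re.sub(r'^\s*<\?xml[^>]*\?>', '', invitation_xml)
    node = ET.fromstring(body).find('UPLOADDATA')
    if node is None or not node.get('RCTICKET'):
        raise ValueError('no RCTICKET attribute found')
    fields = node.get('RCTICKET').split(',')
    if len(fields) < 3:
        raise ValueError('RCTICKET has no address field')
    endpoints = []
    for entry in filter(None, fields[2].split(';')):
        host, _, port = entry.rpartition(':')
        endpoints.append((host, int(port)))
    return endpoints


def classify(host):
    """Say what the expert side needs in order to reach this endpoint."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return 'name (needs WINS/DNS resolvable from the expert side)'
    if addr.is_link_local:  # checked first: link-local is also "private"
        return 'link-local (never routable)'
    if addr.is_private:
        return 'private (needs site-to-site VPN or static NAT)'
    return 'public (reachable if the port is forwarded to the PC)'


def report(invitation_xml):
    return [(h, p, classify(h)) for h, p in ticket_endpoints(invitation_xml)]
```

Calling `report()` on a real invitation file's contents shows at a glance whether any advertised endpoint is routable from the expert's network or whether a VPN or NAT mapping is needed first.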
01-24-2006 04:50 PM
Sorry for the confusion. . .
The C871W and C1841 should both be able to receive Microsoft Remote Assistance Requests. The C871W is located in my home, from where I often dispatch, and the C1841 will be located in the shop. There will be a site-to-site VPN between them (probably GRE SPLIT EIGRP).
However, that does not mitigate the serious fact that a key function of our business is done holding our clients' hands remotely through Microsoft Remote Assistance, and often correcting their too frequent boo-boos; thusly both the C871W and C1841 must support receiving Microsoft Remote Assistance Requests.
Some of our clients even confuse left and right mouse buttons, thus the no touch solution such as Microsoft Remote Assistance works very well for us.
Just opening port 3389 does not seem to do it, thus I believe it is because Microsoft Remote Assistance is a UPnP (Universal Plug and Play) application with very limited alternative communications connection ability built into the application.
I suspect it would be a feature request, but I doubt there would be enough interest for it to make it to production, and it would not be a fast process.
I think it would be a good feature to add, considering the new SMB market sales push by Cisco, and the market the C850/C870 ISRs target.
Especially considering that Cisco is trending toward self configuration through SDM by the end user on C850/C870 ISRs; having UPnP a selectable option (defaulting to not enabled) in SDM (and SDM Express) would help this type of end user greatly.
I sent out an email this morning to Joseph Pinto (jpinto) who will not be back in his campus office until Thursday expressing the above issues.
Thanks,
Tim