You have to allow Port 5900 on the ACLs. Not recommended though. I use VNC and have a 2811 Cisco Router but I would never do it this way because anyone with VNC will be able to control your computers on your network. Set up a VPN combiner (which I believe your router supports) and install the VPN Client on the computer you want to remote in with. This way all traffic across the internet will be encrypted. Then you should be able to VNC just fine.
The red line connecting the two offices is, I am assuming, a T1 or some kind of dedicated ATM line, am I correct? I am also assuming that your problem with VPN is not necessarily from a computer out on the internet and that you are having problems remoting from the different subnets. Is this the case? If so, then open port 5900 on the ACLs for the Serial port on your two routers. Make sure you do it on both the inbound and outbound.
I am a Chief Information Officer at my company and noticed some security issues. You should block telnetting to your router from the WAN side because you will get hacked by leaving that open. I hope you have a strong password on your admin login.
Last, never list your Public or Private IPs on the forum; that is probably why your first post got deleted, to protect your security. With the information listed in your diagram anyone can own your network with a simple brute force attack. Hiding your last couple of octets will help a little.
Just a little tidbit on Remote Controlling computers securely. Any time you open up the ability to remote control a computer (RDP, VNC, LogMeIn, Go To My PC, etc.) you open a hole that can be exploited. One of the ways you can secure this is by using a proxy computer. In the case of VNC you set up one computer with a Static IP, then on your Edge Router or Firewall you set up an ACL that only allows port 5900 for that specific IP Address. This way hackers are only able to remote to that computer and no other on your network if they happen to figure out a zero-day or exploit attack on VNC. With this you can make sure that computer is not on your domain, so if it is attacked the hacker can get nowhere. Then you can set up IDS or logging on that computer to keep track of who has accessed it and when. Also, the hacker will need to authenticate on this computer before he can remote to any other computers on your network, so you have two layers of security. Then you set up the client computers to only allow VNC connections from that computer so that people are not remoting to other people's computers and to protect against an internal attack.
This is the way I have mine set up, and yes, I use VNC and not RDP because everyone tries to hack Microsoft products over Linux products.
*He puts his Soap Box away*
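As an added illustration (not the poster's own configuration) of the jump-host ACL and the WAN telnet restriction described in the post above, here is the shape it takes in Cisco IOS syntax; every address, subnet and interface name below is a placeholder chosen for the example.

```cisco
! Constructed example; 192.0.2.10 stands in for the jump host's static IP,
! 10.0.0.0/24 for the internal management subnet, FastEthernet0/0 for the WAN uplink.
ip access-list extended WAN-IN
 remark VNC from the internet is allowed only to the dedicated jump host
 permit tcp any host 192.0.2.10 eq 5900
 remark VNC to any other internal host is dropped and logged
 deny   tcp any any eq 5900 log
 remark Router management (telnet) is never accepted from the WAN side
 deny   tcp any any eq 23 log
 remark Existing rules for return traffic and other services follow here;
 remark an extended ACL ends with an implicit deny of everything else
!
interface FastEthernet0/0
 description WAN uplink
 ip access-group WAN-IN in
!
! Limit router logins to the management subnet and require SSH rather than telnet
ip access-list standard MGMT-HOSTS
 permit 10.0.0.0 0.0.0.255
!
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
```

The `log` keyword on the deny entries gives the logging trail the post recommends, so attempts to reach VNC on hosts other than the jump host show up in the router's log.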