VNC a pc behind cisco & broadband router

September 24, 2009 at 08:07:17
Specs: Windows XP
I want to operate my PC using RealVNC or a similar remote control application. My PC (PC2 in [link deleted]) is connected to a Cisco router at my site, and that Cisco router is connected to another Cisco router 2611 at headoffice, and the headoffice Cisco router is connected to a broadband router with a static IP. So far I'm able to telnet to the headoffice Cisco router over the internet, which I did using port forwarding at the broadband router level. Everything is available at ping level in telnet, but I do not know how to reach PC2 over VNC. [link deleted] Click to see graphical representation. Please help, thanks.


September 24, 2009 at 09:38:40
Links deleted. Don't link to porn sites if you don't want your posts deleted.

My suggestion would be to connect to a server in your LAN [RDP or VNC] and then VNC from it to PC2.

Problem would be that the internal router is using private, not public, IP and as such is not addressable from the internet.


September 24, 2009 at 09:58:25
Even simpler.

Google "Team Viewer" and go to their website and have a quick read.

Basically, it's remote access software you install on both ends. You connect to Team Viewer's servers and then get your remote connection through them. This removes any/all need for port forwarding or firewall and/or routing rules as it's all controlled by them.

I use this to connect to my dad's PC when he has problems. He can sit and watch what I'm doing and learn.


September 24, 2009 at 20:41:05
Hey wanderer, I didn't give any porn site link, I just uploaded the graphical representation of my network scenario. Anyway, I have uploaded it on imageshack this time for anyone else who wants to reply.
Network scenario

thanks for the reply


September 25, 2009 at 09:28:52
You have to allow Port 5900 on the ACLs. Not recommended though. I use VNC and have a 2811 Cisco Router but I would never do it this way because anyone with VNC will be able to control your computers on your network. Set up a VPN combiner (which I believe your router supports) and install the VPN Client on the computer you want to remote in with. This way all traffic across the internet will be encrypted. Then you should be able to VNC just fine.

The red line connecting the two offices is, I am assuming, a T1 or some kind of dedicated ATM line, am I correct? I am also assuming that your problem with VPN is not necessarily from a computer out on the internet and that you are having problems remoting from the different subnets. Is this the case? If so, then open port 5900 on the ACLs for the Serial port on your two routers. Make sure you do it on both the inbound and outbound.

(Security Warnings)

I am a Chief Information Officer at my company and noticed some security issues. You should block telnetting to your router from the WAN side because you will get hacked by leaving that open. I hope you have a strong password on your admin login.

Last, never list your Public or Private IPs on the forum; that is probably why your first post got deleted, to protect your security. With the information listed in your diagram anyone can own your network with a simple brute force attack. Hiding your last couple of octets will help a little.

Just a little tidbit of Remote Controlling computers securely. Any time you open up the ability to remote control a computer (RDP, VNC, LogMeIn, Go To My PC, etc.) you open a hole that can be exploited. One of the ways you can secure this is by using a proxy computer. In the case of VNC you set up one computer with a Static IP, then on your Edge Router or Firewall you set up an ACL that only allows port 5900 for that specific IP Address. This way hackers are only able to remote to that computer and no other on your network if they happen to figure out a zero-day or exploit attack on VNC. With this you can make sure that computer is not on your domain, so if it is attacked the hacker can get nowhere. Then you can set up IDS or logging on that computer to keep track of who has accessed it and when. Also, the hacker will need to authenticate on this computer before he can remote to any other computers on your network, so you have two layers of security. Then you set up the client computers to only allow VNC connections with only that computer, so that people are not remoting to other people's computers and to protect against an internal attack.

This is the way I have mine set up, and yes, I use VNC and not RDP because everyone tries to hack Microsoft products over Linux products.

*He puts his Soap Box away*

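The jump-host rule described in the post above (port 5900 allowed to one static IP only, no telnet from the WAN side) can be checked against a router ACL before it is applied. This is an added example, not part of the original thread; the addresses, ACL number 110 and function names are assumptions, and it handles numbered IOS-style extended ACL lines without source-port operators.

```python
import ipaddress

# Constructed sample: the addresses and ACL number are placeholders, not from the thread.
JUMP_HOST = "192.168.1.50"  # assumed static IP of the VNC proxy computer
SAMPLE_ACL = """
access-list 110 deny tcp any any eq 23
access-list 110 permit tcp any host 192.168.1.50 eq 5900
access-list 110 deny tcp any any eq 5900
access-list 110 remark stale rule below is shadowed by the deny above it
access-list 110 permit tcp any 192.168.1.0 0.0.0.255 eq 5900
"""

def _addr(tok):
    first = tok.pop(0)  # address spec is 'any', 'host A' or 'A wildcard'
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # a Cisco wildcard is the inverted netmask (contiguous masks assumed)
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tok.pop(0))) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{first}/{mask}", strict=False)

def parse_acl(text):
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[2] not in ("permit", "deny"):
            continue  # remarks and non-rule lines
        rest = t[4:]
        src, dst = _addr(rest), _addr(rest)
        ports = (0, 65535)  # no operator: every destination port matches
        if rest[:1] in (["eq"], ["range"]):
            ports = (int(rest[1]), int(rest[2 if rest[0] == "range" else 1]))
        rules.append((t[2], t[3], src, dst, ports))
    return rules

def decide(rules, src, dst, dport):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, proto, rsrc, rdst, (lo, hi) in rules:  # first match wins
        if proto in ("tcp", "ip") and s in rsrc and d in rdst and lo <= dport <= hi:
            return action
    return "deny"  # implicit deny that ends every IOS ACL

def audit(text, hosts, outside="203.0.113.9"):
    rules, out = parse_acl(text), []
    for h in hosts:
        if (decide(rules, outside, h, 5900) == "permit") != (h == JUMP_HOST):
            out.append(f"5900 policy violated for {h}")
        if decide(rules, outside, h, 23) == "permit":
            out.append(f"telnet exposed on {h}")
    return out
```

Calling `audit(SAMPLE_ACL, [...])` with the jump host and the other LAN addresses returns an empty list when only the proxy computer is reachable on 5900; any returned string names the host and the rule of the post it breaks.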

September 25, 2009 at 12:29:11
Ace, you should have a look at Team Viewer; it's a whole lot simpler.

Just a little tidbit of Remote Controlling computers securely. Any time you open up the ability to remote control a computer (RDP, VNC, LogMeIn, Go To My PC, etc.) you open a hole that can be exploited.

I use RDC to connect to my home PC. I've got it set up to run through an encrypted ssh tunnel that goes from my work PC to a UNIX box in my home.

A quick google search yielded the following links. The first two are what you want to look at for doing it in Windows. The fourth link is how to encrypt VNC links the same way.

But, Team Viewer is still simpler. I've been using the setup I have running with the encrypted ssh tunnel from my work PC to my home PC for quite some time now and only recently learned about Team Viewer (oh, and no, I don't work for them). I use Team Viewer to remote into my dad's PC (he lives some 400+ miles away) from my home PC, but didn't see any point in changing my connection from work to home (if it ain't broke, don't fix it, right).

Anyhow, I thought you might like to know....


September 25, 2009 at 14:30:56
I think PIX and other firewalls block imageshack as porn or other malware sites.

Playing to the angels
Les Paul (1915-2009)


September 25, 2009 at 23:27:01
Dear ACE, thanks for the detailed answer. Well, the IPs shown in the figure are not real but do represent the real scenario. The two routers are connected to each other using a Digital Leased Line over serial interfaces. Actually we are routing internet from headoffice to the remote site; also we can connect to any computer from headoffice to the remote site. It is a simple configuration; no IP/routing structure is involved at Provider level.

As my remote site operates 24/7, I need to reach my WAN for diagnosis anytime, anywhere.

Anyway, let me go through your suggestion of VPN Combiners. Can you please guide me a little further in this? Also, please keep in mind that my PC2 is behind two routers with private addresses; as per WANDERER's statement, they are not addressable publicly.

Updated network fig


September 26, 2009 at 00:00:10
Dear CURT, Team Viewer is a real fantasy. Thanks for introducing the great tool.

However, the process doesn't involve any learning, therefore I'm still looking to create a VPN by configuring routers. And not being an expert in routing, I need help to
