How to Access a NAT'ed Windows Server via a VPN solution
- by Grant Moyle on October 16, 2009 8:55 AMI received an email from LearnItFirst user, Armand, today asking about Windows Server training on using VPNs and Windows Server:
If you have a training video(s) on how to access a NAT'ed Windows server via a VPN solution (via Cisco or any 3rd party tunneling tool), that'll be greatly appreciated. I'm trying to carve out a small I.T. business of my own (with the stuff I'm learning from YOU!!!) and one of my biggest challenge is how to 'tunnel' into a customer's intranet without having to buy expensive firewall/switch equipment. The solution I'm currently using is "GotoMyPC" by Citrix (poor man's VPN) but the monthly subscription can/does add up quickly.
We don't have any videos dealing with this specifically because it typically has something to do with your firewall - and not windows specifically.
Here is the scenario you need, and pretty much ANY home or small-business router has the capability. However, Security should be an important concern - so you might end up staying with GoToMYPC. (BTW: If you try to cancel your account with GoToMyPC - they will often drop the price significantly to keep you around).
NAT shares a single IP address with multiple internal computers.
When an internal computer goes out to the internet, the NAT substitutes it's public IP address and makes the connection to the public web server. It also makes a note in a table that it should send return traffic back to the internal computer
Here is what it kinda looks like - if you understand IP Addresses and Ports. Assume we have 2 PC's inside our network
Both can surf the web at the same time, because the NAT will replace the internal IP address (the 192.168.0.10 & .11) with the outside address, and make the connect tot he remote web servers. As you can see in the above diagram, both PC #1 and PC#2 are surfing the same website, and PC #1 also has a connection to another web server. The NAT knows that anything coming back from the web server to Port 5543 should be send back to PC #1 port 2605, anything coming back from the Web Server to port 5544 should go back to PC #2 port 8731, and anything coming back from the third web server to port 5548, should go back to PC #1 on port 2606. The 2605, 8731, and 2606 are dynanically assigned, since they tell the remote server where to send data back).
The problem is - what happens if someone sends a packet to Port 3389 (the Remote Desktop Port) to 67.1.2.3 (the public IP address of our NAT). since there is NOTHING in the table - it will ignore the request.
If you have a static public IP address (or a pretty stable dynamic public IP) - you can add an entry on your router that says
![clip_image002[6]](http://www.techurbia.com/WindowsLiveWriter/HowtoAccessaNATedWindowsServerviaaVPNsol_7C98/clip_image002%5B6%5D_1.jpg "clip_image002[6]")
If it's a simple Netgear or Linksys - you will probably find this under a DMZ Host (which is usually just expose this specific internal address to the Internet on the public). Look for an option such as DMZ Host, or port mapping where you specific the external port (RDP is 3389) and which host you want that routed to)
A mid-range device will be easy to manage (like a Cisco SA520 or SA540, or Sonicwall) - in the $400-$800 range
For example - here is an screen shot from the Cisco SA540 - on the IPv4 Rules - I would just add the rule (for the type of service), the Outside address, and the inside address)
![clip_image002[8]](http://www.techurbia.com/WindowsLiveWriter/HowtoAccessaNATedWindowsServerviaaVPNsol_7C98/clip_image002%5B8%5D.jpg "clip_image002[8]")
If you have a more complicated environment - I HIGHLY recommend something like a Cisco ASA5505 (less than US $400 for a less than 10 user model, less than $600 for a 50 user model) then this will be done with NAT rules and Security Rules. (the NAT rules define the IP address translation for incoming connections, and can even do Port translation - which is what I'm showing in the table above). Even better - these all support VPN connections, so you can remotely connect and it looks like you are sitting inside the network.
And here is the sort of things you would see on a Cisco ASA5505
These are NAT rules (we have 5 public IP addresses on this network - so we specify which Internal hosts are exposed on the outside)
![clip_image002[10]](http://www.techurbia.com/WindowsLiveWriter/HowtoAccessaNATedWindowsServerviaaVPNsol_7C98/clip_image002%5B10%5D.jpg "clip_image002[10]")
Security rules (specifying what Source addresses can connect to what ports)
![clip_image002[12]](http://www.techurbia.com/WindowsLiveWriter/HowtoAccessaNATedWindowsServerviaaVPNsol_7C98/clip_image002%5B12%5D.jpg "clip_image002[12]")
Hope this helps
- Grant
Very nice article I think your Windows readership will enjoy it. Good job!
Very good article, well done for taking the time to help out your reader.
I would like to invite you try out our solution at www.accessmylan.com
Although it is a monthly subscription model the rate begins at $9.99 and the features are what you would expect from a typical VPN solution, like those you have described in your article, not simply RDP or similar.
There is a 30 day free trial available and I would be delighted to hear your feedback on the solution.
It can strike down your offline commercializing prices too if you get it terminated decently. Picking Up someone who not only does SEO but does the content conception and distribution for you as well as keyword search, updating content on your web site and blog, having professionaly published releases at under prices as remarked above is what suits many small occupation owners and yet there are many who seek to do it themselves, they get confounded as they dont have the knowledge or the technical sciences to do it promptly and they give up. Thank you for this article! I've just obtained a surely incredible news site about money Seek it!
Very interesting way to market on facebook. I also found a way to automate a couple very powerful methods of getting users. You can grab ID by groups or pages or wall posts with this program. Then once you have the IDs you can do a friend blast to your user ID or sudo profile. This by passes the captcha codes too. There is also a cool chat program that you can setup scripts and keyword to work with. This program, when I use it I can see a spike in my site traffic. It is sweet...
I've been trying to speak with my Natwest Business Account "relationship manager" since before Christmas only direct number to her is mobile, always on voicemail where she says she will endeavour to get back to me by the end of the day ha ha ha. The office number where I am assured that someone will be able to help me quickly tells me (when it is not constantly engaged) and I quote, that I will need to speak to "one of her little chums".
Console Toolkit from Shinobii helps you to repair your video game consoles by opening up them without difficulty. I tried with my Super Nintendo,Nintendo 64 and I also opened my Nintendo GameCube easily with out breaking anything. I recommend to all who owns any type of Video game console like the ones I have or this others like DS and microsoft xbox and xbox 360 and ps3 and more. if you want clean or repair your systems and even you can repair your own cell and this tools will not be found on hard ware store and I recomend this Product Console Toolkit for all your repairs and cleaning also for upgrades.
Thankyou, I never knew this, thankyou.
La télécommande de Xcross pour Nintendo Wii vous donne une gamme de jeu sans fil jusqu'à 5m, elle comporte une D-garniture robuste et stable, des boutons d'action sensible, le haut-parleur intégré, la vibration et est entièrement compatible avec tous les contrôleurs et accessoires additionnels (MotionPlus y compris).
Great post!
Fine and clean site you have! I have created a new site, if you are interested in DSL Game BitTorrents you will digg it! the address is w w w . g a m e s - i s o . c o m. NO registration required
Fine and clean blog you have! I have created a new site, if you are interested in Wii Game Torrents you most likely digg it! the address is games-iso.com. NO registration required
I don’t usually reply to posts but I will in this case, great info...I will bookmark your site. Keep up the good work!
Thanks so much for this post! Earlier today I found another yehaah site de web totally full with torrantanas for consoles like wii, xbox 360, ds and so on. Gratitudes!
I like this site and saw it on AOL search. I guess your thoughts on How to Access a NAT'ed Windows Server via a VPN solution | TechUrbia - A LearnItFirst Blog are right on. Thanks for blogging about this and looking forward to reading more on your site.
Totally digg your website. Yesterday I found another excellent site de web featuring gaming downloads for consoles like wii, xbox 360, ds and so on. Gracias muchos!
Hey, you have a great blog here! I'm definitely going to bookmark you!
If you enjoyed this site you'll almost certainly like this site too: http://www.winfreegiftcardsonline.com . It is an awesome site for winning gift cards online .
If you enjoyed this post you'll doubtless like this site too: http://www.winfreegiftcardsonline.com . It is a great site for winning gift cards on the internet.
Keep up the good work, bookmarked and referred a couple of friends.
I truly like your publish. Does it copyright guarded?
Your web site is well worth beeing in the very best cause it consists of actually remarkable info.
Not quite a few men and women imagine the same way as you. That includes me.. sorry :)
I finally decided to drop a comment, and let me tell you this is another very strong and powerful post. I've been reading through some of your previous posts and have been visiting your blog every now and then. I signed up for your newsletter and shared your site with my contacts, so please keep up the informative posts and return the favor. :)
Good luck on your blog, and feel free to comment and subscribe to my blog as well when you get a chance: Make Money Online with Dino Vedo.
Thanks so much, and lets stay connected and maybe share some ideas, do some guest posts, and get us both some more traffic and backlinks!
All the best,
Dino Vedo
i very love this blog. nice celebrity info that keeps me contemporary on all the news. Read the watches time http://www.watcheslux.com.
I've been into blogging for quite some time and this is definitely a effective and well written post. I signed up for your newsletter and shared it with my other blogger friends, so please keep up the informative posts!
Good luck on your blog, and feel free to comment and subscribe to my blog as well when you get a chance: Make Money Online with Dino Vedo.
Thanks so much, and lets stay connected and maybe share some ideas, do some guest posts, and get us both some more traffic and backlinks!
All the best,
Dino Vedo
I finally decided to drop a comment, and let me tell you this is another very strong and powerful post. I've been reading through some of your previous posts and have been visiting your blog every now and then. I signed up for your newsletter and shared your site with my contacts, so please keep up the informative posts and return the favor. :)
Good luck on your blog, and feel free to comment and subscribe to my blog as well when you get a chance: Make Money Online with Dino Vedo.
Thanks so much, and lets stay connected and maybe share some ideas, do some guest posts, and get us both some more traffic and backlinks!
All the best,
Dino Vedo
www.webfruits.it/dblog/articolo.asp?articolo
Good post, adding it to my blog now, thanks
I would like to propose not to wait until you earn enough cash to order goods! You can get the loans or just short term loan and feel free
This valuable phrase encourages readers to respond in a relaxed way and with out limit on condition such responses fall within definite boundaries. This unique sentence features an internet in-joke that doesn’t quite fit the topic.
Hilaria Trochesset
Modesto Guldin
Latesha Tacconi
Ramona Dooms
Larita Manna
Marleen Jameson
Mickey Pastula
Good post, thanks
Hey!Yo!Whatsup!Wow! Been reading your blog for a couple days, and Im so excited about the impending release of the Nintendo 3DS. I mean, the analogue slider, 3D technology and 3D screen is just so cool.
Yo!Whatsup! Been subscribed your blog for a couple weeks, and Im so thrilled about the impending release of the Nintendo 3DS. I mean, 3D screen technology, 3D technology and 3D screen is just so cool.
Hey! Been watching this blog for a number of months, and Im so excited about the impending release of the Nintendo 3DS. I mean, 3D screen technology, 3D technology and 3D screen is just so cool.
Well written, thanks for sharing this with us.
I'm excited to be finally posting online after all these years. There really is no mystique (sp) about it, is there? I just dropped by your blog and had to write something. I'm a recent college grad, journalism major if you must know, and I absolutely love the art of photography. I've got my website up but it's nothing to brag about yet. None of my stuff's been posted. Soon as I figure out how to do that, I'll spend the day posting my best shots. anyway just thought I'd drop a line. I hope to return with more substantial stuff, stuff you can actually use. SPG
JUST FOR GIRLS
I like your site.
This is a good post.
I like your site.
This post is great.
Gday, Exactly where was this website when I began blogging 4 years ago?! Seriously this website would have reduced the level of exploration I had to perform as I went about my blogging lifestyle. It would most likely also have aided me to make a acceptable revenue sooner as well.
Wonderful to read!
What a thorough and informative weblog. In reality, although this can be my initial time of visiting this weblog, i have to confess that I've found a fantastic resource center. I can,t afford to miss out on this page. Bless you and maintain up the fine operate.Many thanks!
Wow!It is amazing,nearly as well significantly to digest. Wonderful operate.
Thank you regarding taking some time to discuss this, I sense strongly about it and love understanding much more on this topic. If achievable, as you obtain expertise, would you thoughts updating your weblog with additional information? It really is highly useful.
browser. Anyhow keep up the good work.
English Vocabulary in Use. - Stuart Redman new edition English Vocabulary in Use pre-intermediate & intermediate Stuart Redman English Vocabulary in Use pre-intermediate & intermediate is primarily designed as a self-study reference and practice text but it can also be used for classroom ....
Super text, I will add this blog to my favorites.
Electronics are the greatest things in the world. Be sure to patent any product idea or invention you come up with. So that noone copies any of your ideas. How To Patent An Idea
Just wanted to let you know... your website looks very peculiar in Safari on a mac
If anyone is looking for cheap hosting / domain registration for a new project go to 1and1 (link) They are offering a year of free hosting with 2 FREE domains and unlimited traffic.
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
A very interesting read and a great post alltogether. Would you mind if I posted the same article on my blog (with a reference to your website)?
Nice site and great text.
Excellent job.
A topic close to my heart thanks. Please consider a follow up post.
What does not destroy me, makes me stronger. — Nietzsche
Excellent job.