VPN to a server behind a firewall on NATed network

Here is the situation: a server in a serviced office where we have no
control over the router/firewall.
I know that 1723/tcp is open. Question is is it possible to get the
VPN to the right computer behind that firewall without involving the
people who manage the router and are completely unhelpful? Thanks
yaro

Do you mean VPN? You could use GoToMyPC or Webex to have a connection to the
server over http,
Anthony
www.airdesk.com

"yaro137" <(E-Mail Removed)> wrote in message
news:976db6db-6ad9-4074-b1fc-(E-Mail Removed)...
> Here is the situation: a server in a serviced office where we have no
> control over the router/firewall.
> I know that 1723/tcp is open. Question is is it possible to get the
> VPN to the right computer behind that firewall without involving the
> people who manage the router and are completely unhelpful? Thanks
> yaro

On May 14, 6:12*pm, "Anthony [MVP]" <anth...@no-reply.com> wrote:
> Do you mean VPN? You could use GoToMyPC or Webex to have a connection to the
> server over http,
> Anthonywww.airdesk.com
>
> "yaro137" <yaro...@googlemail.com> wrote in message
>
> news:976db6db-6ad9-4074-b1fc-(E-Mail Removed)...
>
> > Here is the situation: a server in a serviced office where we have no
> > control over the router/firewall.
> > I know that 1723/tcp is open. Question is is it possible to get the
> > VPN to the right computer behind that firewall without involving the
> > people who manage the router and are completely unhelpful? Thanks
> > yaro

Yeah, I'm on NTRSupport but it's bit of a pain. Getting RDP connection
would work much better for me.
yaro

On May 15, 1:04*pm, "Bill Kearney" <wkearne...@hotmail.com> wrote:
> > Here is the situation: a server in a serviced office where we have no
> > control over the router/firewall.
> > I know that 1723/tcp is open.
>
> Open? *To what IP address? *It's not a matter of simply "opening" theport,
> it has to be directed to somewhere. *That and VPN traffic requires morethan
> just TCP forwarding, it also requires type 47 GRE packets.
>
> > Question is is it possible to get the
> > VPN to the right computer behind that firewall without involving the
> > people who manage the router and are completely unhelpful? Thanks
>
> If you're paying for connectivity then their help is to be expected, crack
> the whip.

Yes, I know... It's only the external address that would accept
traffic on 1723
but no way of telling where it goes if anywhere at all. I was just
wandering if
knowing the external and internal IP I could use some software or
something
that would prepare the frames in a way so once they hit the external
IP they
would release some external part of their header so then another
header with
the internal IP is presented to the router.
I must say I've got no idea how would it look from programming point
of view
and whether it's feasible at all. Probably not but just speculating.
yaro

"yaro137" <(E-Mail Removed)> wrote in message news:71194daf-b2cb-4427-8727-(E-Mail Removed)...
Yes, I know... It's only the external address that would accept
traffic on 1723
but no way of telling where it goes if anywhere at all. I was just
wandering if
knowing the external and internal IP I could use some software or
something
that would prepare the frames in a way so once they hit the external
IP they
would release some external part of their header so then another
header with
the internal IP is presented to the router.
I must say I've got no idea how would it look from programming point
of view
and whether it's feasible at all. Probably not but just speculating.
yaro


Yaro,

If it were possible to manipulate the port remaps from the external side as you've described, it would be a huge security risk. Imagine the vulnerabilities that it would open. It is not possible. As others mentioned, you're better off with remote tools such as GoToMyPC, TeamViewer, etc.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
(E-Mail Removed)

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay

On May 19, 1:52*am, "Bill Kearney" <wkearne...@hotmail.com> wrote:
> > Yes, I know... It's only the external address that would accepttraffic on
> > 1723
> > but no way of telling where it goes if anywhere at all.
>
> Sure there is, no need to wonder at all. *The router's configuration would
> tell you. *You need to have whomever is configuring the router confirm that
> it is setup according to your needs. *If you can't confirm this then it's
> utterly pointless to bother continuing trying to use a VPN.
>
> As for the whole header gibberish, yes, that's what port forwarding on the
> router DOES.

Thanks guys. I guess I'll have to talk to the people who manage the
router again
probably with the same result meaning "we don't give a flying f* about
what
you need here is your Internet connection and now get lost" ;-)
yaro

"yaro137" <(E-Mail Removed)> wrote in message
news:6ba1f6a5-0dee-4914-97a6-(E-Mail Removed)...
On May 19, 1:52 am, "Bill Kearney" <wkearne...@hotmail.com> wrote:
> > Yes, I know... It's only the external address that would accepttraffic
on
> > 1723
> > but no way of telling where it goes if anywhere at all.
>
> Sure there is, no need to wonder at all. The router's configuration would
> tell you. You need to have whomever is configuring the router confirm that
> it is setup according to your needs. If you can't confirm this then it's
> utterly pointless to bother continuing trying to use a VPN.
>
> As for the whole header gibberish, yes, that's what port forwarding on the
> router DOES.

>Thanks guys. I guess I'll have to talk to the people who manage the
>router again
>probably with the same result meaning "we don't give a flying f* about
>what
>you need here is your Internet connection and now get lost" ;-)
>yaro

My reply to this would be to find another company to manage your IT system
NOW!!

Any IT company that refuses to provide the services that the user require,s
get what they deserve when they have no customers and then go bump.

"yaro137" <(E-Mail Removed)> wrote in message news:6ba1f6a5-0dee-4914-97a6-(E-Mail Removed)...

> Thanks guys. I guess I'll have to talk to the people who manage the
> router again
> probably with the same result meaning "we don't give a flying f* about
> what
> you need here is your Internet connection and now get lost" ;-)
> yaro

Sometimes politics is hard to overcome within a company when the IT department is broken into groups.

Ace