Remote Admin on a XP Pro client behind a NAT

[Guest]

I may be going about this the wrong way but currently my company has many
laptops out all over the country that connect to the internet through various
ISPs, most of which use NAT. I need to be able to manage these machines and
my prefered way to do this is to have these machines create a VPN connection
to the server in our central office (it has a static IP) and then to use
Remote Desktop to do what ever I need to do on the remote PC. The problem
here is that as soon as I login to the remote PC it logs the current user on
that PC out, which causes the VPN connection to die.

How do I get around this? Is there any way to keep the VPN connection open?

Thanks,
Wells

 

[Sigmundur Jonsson]

I may be going about this the wrong way but currently my company has many
laptops out all over the country that connect to the internet through various
ISPs, most of which use NAT. I need to be able to manage these machines and
my prefered way to do this is to have these machines create a VPN connection
to the server in our central office (it has a static IP) and then to use
Remote Desktop to do what ever I need to do on the remote PC. The problem
here is that as soon as I login to the remote PC it logs the current user on
that PC out, which causes the VPN connection to die.

How do I get around this? Is there any way to keep the VPN connection open?

Thanks,
Wells

Remote Desktop from Windows does that. Just use RealVNC(need VPN or open
port) or logmein.com (No need for NATed port/open port ).
LogMeIn is really great because you don't need open port for it and it
has something for Big LANS and stuff. Just check it out

 

[Guest]

Thanks Sigmundur for the reply. I downloaded and installed RealVNC but I
don't see how it helps me. If I understand it correctly I have to install
the VNC server on the laptops, but I still wouldn't be able to connect to
them with the VNC viewer because it is the laptops that are NATed. Also it
doesn't appear that VNC allows me to login as a different account than the
user...

I guess what I really need is a VPN client that runs at the driver level or
that runs as a service so that I can have the laptops automatically build
tunnels to my server that persist across logins. Do you know of anything
that might do this?

Thanks,
Wells

 

[Doug Knox MS-MVP]

The Cisco VPN client we use has an option to remain active, even if the user logs off. It will actually come up as part of the logon process so the user can authenticate against the VPN server, then logon via the domain. Log off and the VPN client is still running in the background and the machine can be administered remotely.

 

[Sigmundur Jonsson]

Thanks Sigmundur for the reply. I downloaded and installed RealVNC but I
don't see how it helps me. If I understand it correctly I have to install
the VNC server on the laptops, but I still wouldn't be able to connect to
them with the VNC viewer because it is the laptops that are NATed. Also it
doesn't appear that VNC allows me to login as a different account than the
user...

I guess what I really need is a VPN client that runs at the driver level or
that runs as a service so that I can have the laptops automatically build
tunnels to my server that persist across logins. Do you know of anything
that might do this?

Thanks,
Wells

Oh i forgot, you need to forward TCP 5900(maibe 5800 too for the
java/web browser version). but LogMeIn does NOT require open ports.
Check out this link: https://secure.logmein.com/go.asp?page=products_it

 

[Guest]

Thanks Sigmundur, I'll give that a try.

Wells

Oh i forgot, you need to forward TCP 5900(maibe 5800 too for the
java/web browser version). but LogMeIn does NOT require open ports.
Check out this link: https://secure.logmein.com/go.asp?page=products_it

 

[Guest]

That sounds perfect (well, actually perfect would be if windows xp already
did this). Do you know if Cisco has any trial software programs so that I
can test it to make sure it works? I've looked all over their site and I
couldn't find anything...

Thanks,
Wells

 

[Doug Knox MS-MVP]

I don't know if Cisco offers trial versions or not. You should check the options for the VPN client you're currently using. I would expect almost any good VPN client to allow for integration with the logon sequence.

 

[Guest]

Doug, Its not so much that I want the VPN Client to integrate with the login
process, but rather that I need the VPN connection to persist across logins
and log outs. I have setup a VPN connection on a test machine and I can use
it during login by selecting the "Log on using a dial-up connection"
checkbox. But what I ultimately want to do is to a login via Remote Desktop
from the other side of the VPN connection, and when I try this the first
thing that Windows XP does is log out the current user. This in turn kills
the vpn connection.

I'm sure that this is not an unusal situation, but I just can't seem to find
a way around it...

Wells

 

[Doug Knox MS-MVP]

You need to set the VPN client to remain active, even if the user logs off, if your VPN client supports it. The Cisco client we're using has an option for just this setting.

 

[Leythos]

[snip]

Why don't you have your application or need work across a SSL
connection. Write a service that makes a SSL connection when the OS
boots, have it run on a timer and poll/update as needed.

You are not going to find a VPN solution that will start when the OS
starts without manual intervention.

 

[Guest]

Thanks Doug. I am currently using the Windows XP VPN Client and it does not
appear to have a "remain active" option (either that or it is hidden really
well). I'll try posting in the windows server group to see if the folks
there have any additional ideas.

Thanks again,
Wells