03-22-2010 11:30 AM
I hope everyone had a nice weekend. I need some help regarding remote access to a workstation.
I have a couple of users who remotely access their work computers through a SA 700. We installed a VNC server on their respective computers. On the SA, we configured a web book mark in a defined policy which directs the user to http://computer name:5801. Port 5801 is open for the VNC on our SSG5 firewall. From there, the user is able to remotely access his machine.
It worked for many days and just stopped working which is unfortunate. Can some recommend an alternative setup that works for their users or other information sources that allow users to connect to their computers from outside the domain? I can't use terminal services since I have smallest SA.
03-22-2010 11:51 AM
things do not just stop working? did you make a configuration change? is there a license issue? is there an error message that you are getting? there are other solutions but if VNC was working and your users are working with this now no need to change the method and go to a new solution.
03-22-2010 12:41 PM
Things do and will stop working, but that's another conversation in itself. Thus far I can't find any issues in the logs of the firewalls or the SA and changes have not been made to either. IP addresses, ports are correct.
I'm using TightVNC so no license issues. The TightVNC interface loads as normal (so I assume the port configuration is correct), then the connection drops, screen turns blank with an error Network Error, unable to open connection. I'm sure that its a VNC issue, I simply wondered if other techs had trouble using Web book marks. Thanks
03-24-2010 09:50 PM
Since the traffic is passing via rewrite, the only thing to check on IVE would be ACL's. Now that you mentioned it worked fine sometime back and it stopped I would assume all configs are still in place.
The best utility will be capture a TCP dump on IVE when accessing this bookmark, that should give some info on what could be cauing the error.
Atleast this way you can rule out IVE completely as being a problem source.