SSL VPN
Reply
Visitor
elmos44
Posts: 4
Registered: ‎03-18-2010
0

remote access to workstation

Hello,


I hope everyone had a nice weekend. I need some help regarding remote access to a workstation.

 

I have a couple of users who remotely access their work computers through a SA 700. We installed a VNC server on their respective computers. On the SA, we configured a web book mark in a defined policy which directs the user to http://computer name:5801. Port 5801 is open for the VNC on our SSG5 firewall. From there, the user is able to remotely access his machine.

 

It worked for many days and just stopped working which is unfortunate. Can some recommend an alternative setup that works for their users or other information sources that allow users to connect to their computers from outside the domain? I can't use terminal services since I have smallest SA.

 

Thanks

Trusted Contributor
Mrkool
Posts: 248
Registered: ‎02-28-2008
0

Re: remote access to workstation

things do not just stop working? did you make a configuration change? is there a license issue? is there an error message that you are getting? there are other solutions but if VNC was working and your users are working with this now no need to change the method and go to a new solution.

SA-6500 (7.3R3) Production
MAG 4610 (7.4) Lab
Visitor
elmos44
Posts: 4
Registered: ‎03-18-2010
0

Re: remote access to workstation

Things do and will stop working, but that's another conversation in itself.  Thus far I can't find any issues in the logs of the firewalls or the SA and changes have not been made to either. IP addresses, ports are correct. 

 

I'm using TightVNC so no license issues.  The TightVNC interface loads as normal (so I assume the port configuration is correct), then the connection drops, screen turns blank with an error Network Error, unable to open connection. I'm sure that its a VNC issue, I simply wondered if other techs had trouble using Web book marks. Thanks

Moderator Moderator
Moderator
RKB
Posts: 152
Registered: ‎09-22-2008
0

Re: remote access to workstation

Since the traffic is passing via rewrite, the only thing to check on IVE would be ACL's. Now that you mentioned it worked fine sometime back and it stopped I would assume all configs are still in place.

The best utility will be capture a TCP dump on IVE when accessing this bookmark, that should give some info on what could be cauing the error.

Atleast this way you can rule out IVE completely as being a problem source.

Juniper Employee
Juniper Employee
rvi
Posts: 16
Registered: ‎04-02-2009
0

Re: remote access to workstation

is there any alert printed to users session when this happens.. if yes is the alert from SA or from the vnc client?

 

Also check access logs when this  happens.

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.