Topic: Using PC Anywhere and SME

[netdesignns]

Has anybody tried to set up and is successfully using PC Anywhere between 2 local Windows networks and SME Servers via the Internet?

[mrjhb3]

Haven't used pcanywhere, but have used VNC and port-forwarding to control 2 PC's via the Internet.

JB

[netdesignns]

Ok the scenario is to for clients on both networks to be able to access files as users on Windows servers behind SME as the internet firewall in each case. The Internet IP is fixed and one of the options appears to be PC Anywhere?

[Boris]

IF you need file exchnage, why not to connect those networks with site to site VPN?

[mrjhb3]

Ok the scenario is to for clients on both networks to be able to access files as users on Windows servers behind SME as the internet firewall in each case. The Internet IP is fixed and one of the options appears to be PC Anywhere?

This may be able to be done as well, but you will more than likely still have to port-forward to your internal hosts.  So Site A wants to talk to Site B, Site A initiates the reqeust to the fixed IP, the FireWall or Server on the public side port-forwards to the internal host.  I think PCany uses UDP as well so I don't know that would work well.  

Another solution would be to set each user as a VPN user to the other side and then VPN into the system, then launch pcany to the appropriate internal host.  This I have setup and it seemed to work just fine.

JB

[NickR]

Has anybody tried to set up and is successfully using PC Anywhere between 2 local Windows networks and SME Servers via the Internet?

I've got it running on many sites.  All you do is port-forward TCP/5631 & TCP/5632 to the internal host on the host end.  The remote end doesn't need to do anything special.  If you have more than one host, you can use 5633 & 5634 on the external side & forward to 5631 & 5632 internally - for more hosts, just increment the external ports as required.  On the remote end, specify the non-standard ports in the details tab under connection info.

[MSmith]

Much more secure to have external users establish PPTP VPN connection to SME server, then connect via PCAnywhere, VNC or Remote Desktop to client PC's INTERNAL LAN address.

[NickR]

Much more secure to have external users establish PPTP VPN connection to SME server, then connect via PCAnywhere, VNC or Remote Desktop to client PC's INTERNAL LAN address.

I totally disagree.

With my method, I have an encrypted link, a very strong 14 character username & password combo, non-standard ports, source ip connection filters and even if you manage to get through all that, you still need to login to the workstation before you can access any data.

How is mine less secure than yours?

BTW, out of all the hosts I have running 24/7, not one has ever been compromised in the last 6 years.

[mrjhb3]

It's all what you prefer.  I wasn't sure you could set pcany to use other ports and whether or not it used UDP or not.  Now that I know this, this is good news.  We also could go on and on about who has and who hasn't been hacked.  Those of us that haven't been hacked, it's probably because we haven't been targeted other than the ssh exploits running around.  
Whatever solution you choose, just make sure it fits your needs and budget.

JB

[MSmith]

Easy there, Nick, as it happens my post was NOT a *direct* reply to yours, it was a comment on the concept in general of using PCAnywhere through a firewall.  Most people will NOT go to the trouble of setting up good usernames & passwords, much less using nonstandard ports.  And keeping control at the firewall level may help prevent a user from setting up username/password combinations on their own.

[NickR]

Easy there, Nick, as it happens my post was NOT a *direct* reply to yours, it was a comment on the concept in general of using PCAnywhere through a firewall.  Most people will NOT go to the trouble of setting up good usernames & passwords, much less using nonstandard ports.  And keeping control at the firewall level may help prevent a user from setting up username/password combinations on their own.

Sorry if I came across as a bit agressive, it's just that I read your post & saw it as a challenge  

The real story is that you can give people all the security tools in the world, but if they misuse them, they still won't be secure.  

I think we can agree that your methods & mine are probably equally secure because we've bothered to understand and adopt good security practices.

[netdesignns]

Thanks for all the comments, much appreciated.
Now I have setup the host SME to accept PPTP, however when I attempt to establish the link remotely via another SME server I get this error "The specific Port is not connected" ??
Have tried to find out which Port it is ambiguously referring to and no luck.
The W2000 client is trying to connect via SME Version 6.5 to the Host using SME 6.0 and I have noted that Port Forwarding rules can be setup.
So can anybody help on this .. What port is not connected??

[Boris]

Using VPN first and then remote control package to INternal LAN address, allows you to have single configuration to control any/all computers on the LAN.
Forwarding ports individually to each static IP workstation on the LAN can be very messy. It all boiled downt to what is the goal and how much money on licenses you want to spend. Either solution uses encription and secure enough.

My personal preference now is VPN and dameware (licensed per tech, not per client) which let me explore remote LAN, find and control any workstation on-demand without preconfiguring host in advance.