[adsmith82]

trying to remote control a pc on the lan that is vpn'd to another corporate network with firewall etc. need free for commercial use software to do so. teamviewer might work, but expensive. logmein is the only working solution so far, but slow and unreliable connection process - have to connect while pc is not vpn'd, start a script to wait for vpn connected dialog and click ok automatically because user will become disconnected, then script will restart logmein to use their proxy and also to disconnect the timed out user, then reconnect with logmein and do something similar when disconnecting from vpn)

currently trying to use freesshd and tightvnc server on the vpn'd machine, and putty and tightvnc viewer on the viewing machine. hoping to connect via ssh and vnc, establish vpn, reconnect with ssh and vnc... however vpn is not allowing ssh connection. any help? maybe need to configure freesshd to use firewall? don't see settings for that, needs to be done manually?

[zx10guy]

The proper way to do it is to get two VPN end point routers/firewalls and set up a site to site VPN tunnel. Then you can access the full set of ports on the PC without the monkey business of shoe horning a free solution. You can get two Netgear FVS318 routers for under $200 to implement a site to site VPN tunnel.

[adsmith82]

already have cisco vpn client on the one pc. problem is several people on the lan need to use this pc so we need to remote into it, but once it's on the vpn, we can't access it

[zx10guy]

You need to put up a more descriptive explanation of how your network is set up. A diagram would be preferable.

[adsmith82]

it's just a local network with a router and several pc's, one of which has software vpn to some corporate network with firewall etc. all pc's on local network need to access this vpn'd machine

[zx10guy]

So if I'm reading you right.

You have a remote office with a basic router and PCs on a LAN. One of these PCs is used to VPN to the main corporate network.

Based on the above assumption, the issue you're probably having is the Cisco VPN setup is configured to either forward all traffic through the tunnel or is configured for hair pinning. With the VPN up on this PC, I assume you can't even ping the PC from any of the local machines. If this is the case, there's nothing simple you can do to fix this short of either as I stated above, add another Cisco VPN end point device onto the remote LAN and establish a site to site tunnel which then negates this PC needing a VPN client installed on it or have the IT team over at the main corporate change the VPN policy to allow split tunneling.

[adsmith82]

that is correct. however, we do have a working logmein solution, but like i said it is not ideal. based on what i've read online about ssh tunneling, i thought it would be possible to ssh into the pc that has the vpn client, but this does not work with the vpn connected. was wondering if there is anything i can do to connect to this machine

[zx10guy]

I don't like Logmein in a business setting. It's obvious your company has the infrastructure in place to set up their on VPN system. Have you talked to the IT people at corporate HQ about this? Do they know you all are using Logmein?

The solution to this problem is to ask the firewall/router people to configure the VPN connection of the PC to run in split tunnel mode. This will allow the PC to be reached by local LAN resources while the VPN is up and running. You CANNOT make the change on your end as under the Cisco model, security and policy rules are pushed down from the VPN server.

[adsmith82]

well, the corporate network we're connecting to is an outside company's network, not our own. we could request split tunnel, but it's not my place and i don't think they would allow it for security reasons. we will just use logmein in combination with the autohotkey scripts i created. that's just how things go sometimes, just have to make due with what we have

thanks for your help

[zx10guy]

If this computer is meant to only access their LAN when the VPN is up, I think it's a high probability they will be not very happy with you all for circumventing their security policy. You've basically allowed another back door channel into their network through this PC when it has a VPN connection established. I know I would be livid if I was on the IT staff at that company.

I'm not going to force you to do anything, but I think you owe the IT staff at this company a chat about what your needs are and why you need this configuration change. Being caught later for doing something which they were not aware of could jeopardize any business relationship you have with them and could also open yourself up for litigation depending on the agreement(s) you have established with this company. Just some thoughts.

[adsmith82]

i appreciate your concern, but we are only making our own pc accessable by our own staff. thanks again for your help.