Remote Access

SOLVED
SardarAlam
Getting noticed

Remote Access

Hello Everyone,

 

I want to know about Remote access without VPN.

Is  there any way to access Remote Server without using VPN like Client VPN, Site to site VPN, or anyconnect?

My customer ask that we need to access our ERP just to enter the Remote server IP address or DDNS and no requirement for VPN. As the customer also using MOB ERP when vpn is disconnect then ERP is close auto.

 

Please guide if there is any option available if we arrange a static IP or something else.

 

Thanks in advance

1 ACCEPTED SOLUTION
ww
Kind of a big deal
Kind of a big deal

Yes, If you have a isp nat router then the isp have to do the same.

Forwarding that port to your mx ip.

 

View solution in original post

11 REPLIES 11
ww
Kind of a big deal
Kind of a big deal
SardarAlam
Getting noticed

OK will try.

 

Thank you

SardarAlam
Getting noticed

Hi @ww  Can you assist if we configure port forwarding.we also need to configure it on ISP NAT Device as well?

As i already configure port forwarding on mx but still can't access my server and unable to Public IP and Server IP.

 

ww
Kind of a big deal
Kind of a big deal

Yes, If you have a isp nat router then the isp have to do the same.

Forwarding that port to your mx ip.

 

SardarAlam
Getting noticed

Thank You for your prompt response.

DarrenOC
Kind of a big deal
Kind of a big deal

Sounds like you’re exposing your internal network and systems to the internet which isn’t a great idea.  Yes, this can be done but I’d advise against it.  Are you able to segment the ERP system using a DMZ and other segmentation methods if you really had to expose the system to the internet?

 

Id advise your customer of the pitfalls and f the above and strongly advise that they use a client VPN.  Or, if they require off network access to the ERP system then explore the possibility of migrating to the cloud.

Darren OConnor | doconnor@resalire.co.uk
https://www.linkedin.com/in/darrenoconnor/

I'm not an employee of Cisco/Meraki. My posts are based on Meraki best practice and what has worked for me in the field.

My customer want a way like port forwarding, can we use port forwarding for 2 or 3 servers to be accessible for around 100 plus users with smooth bandwidth speed .

and the port forwarding required any static IP or not? and for segmentation methods i am not sure.

I'm with @DarrenOC , exposing it to the internet is a risk. If he wants to expose it to the internet, at the very least he should have a WAF solution to reduce risks.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

It's not a good idea to expose your application externally.

 

I would try a solution like ZPA from Zscaler.

 

https://www.zscaler.com/products/zscaler-private-access

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
BlakeRichardson
Kind of a big deal
Kind of a big deal

If you don't understand the security risks around port forwarding then I suggest you get someone involved who does. For secure remote access you would be best to use a VPN. They are very simple to set up. 

 

 

If your customer wants a cheap solution and doesn't care about ransom ware then port forwarding would be fine.  As long as your customer knows the risks, bear in mind if you are advising the customer of solutions you are potentially liable if it all goes wrong. 

Currently we are using Client VPN and Anyconnect VPN for both WEB and Mob App, Now customer want to usp mob App without VPN, and for now our software team need access to internal network for a Win acme app Server for that we are unable to use VPN becasu win acme is not our domain to implement vpn on them. Win acme application need to access for SSL certificate.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.