Configuration challenges

ctsnww
Conversationalist


My client purchased a GX50-HW-UK to improve security. I have tried configuring the GX50 with the router a couple of times and have failed to get everything working.

 

They have a requirement for 4 members of staff to RDP into the network. Their ISP router does not allow bridging, so the relevant RDP ports are being forwarded from the router to the GX50 and then from the GX50 to the individual office computers.

 

On the 2 occasions that we have tried this setup the RDP connections have failed and it has been challenging to determine where the failure is happening (router to GX50 or GX50 to PC).

 

Can you advise please?

 

 

Xydocq
A model citizen

Hello @ctsnww

 

If security is a problem, your client should switch from RDP to VPN.

 

It is way more secure and it allows you to use RDP without forwarding rules on both routers.

 

If that isn't an option, it would be nice to know the model of the ISP's router.

 

Cheers

ctsnww
Conversationalist

Router: Fast 5464 TALKTALK Voice

See talktalkbusiness.co.uk/wifihubsetup

Xydocq
A model citizen

Looks like your client won the lottery with the ISP's router.

 

Is there a setting for DMZ on the Fast 5464? If so, DMZ should point at the GX50. All incoming requests from the internet will then be directed to the GX50 and no port-forwarding rules need to be applied to the Fast 5464. Then set the RDP rules on the GX50 only.

 

I know sometimes forwarding rules need to be applied. For security that's kinda a bad thing. Every port forwarded will show on a port-scan and the question is not "Why me?", bots scan the whole internet for open ports and try to break in, no matter where they find them.

 

I would still recommend using VPN to connect to the network. If you can enable DMZ on the Fast 5464, it will allow you to have no ports exposed to the internet.

ctsnww
Conversationalist

There is a DMZ setting (I believe), so that will be a much easier solution, thank you.

 

The client wants a face-to-face meeting about VPN. I know the question will be concerning the home-based staff and how they will configure VPN from their end, especially if their own routers do not have a VPN option.

 

Many thanks for the amazing assist.

 

 

Xydocq
A model citizen

I use site-to-site VPN and also client-server VPN.

 

It might be best to use client-server VPN in your case. Since the GX50 offers L2TP/IPsec, you can use the built-in client on a Windows laptop to connect.

 

The only devices not able to connect will be Android phones.
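
Added example, not part of any post in this thread: a Python sketch for the original question of whether the failure sits between router and GX50 or between GX50 and PC, using one TCP probe per vantage point. All addresses and the external port 33891 are constructed placeholders; 3389 is the default RDP port.

```python
import socket
import sys

def tcp_open(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name lookup failure
        return False

def localize(pc_direct, via_gx50_wan, via_public_ip):
    """Map three probe results, each taken from a different vantage point,
    to the first hop that fails.

    pc_direct     - probed from the office LAN straight to the PC
    via_gx50_wan  - probed from the ISP router's LAN to the GX50 WAN address
    via_public_ip - probed from outside the site to the public IP
    """
    if not pc_direct:
        return "PC: RDP not listening or blocked by the host firewall"
    if not via_gx50_wan:
        return "GX50: forwarding/firewall rule to the PC"
    if not via_public_ip:
        return "ISP router: port forward (or DMZ) to the GX50"
    return "all hops pass"

# Constructed targets; replace with the site's real addresses and ports.
PROBES = {
    "pc_direct": ("192.168.10.21", 3389),
    "via_gx50_wan": ("192.168.1.2", 33891),
    "via_public_ip": ("203.0.113.10", 33891),
}

if __name__ == "__main__":
    # Run once per vantage point, e.g.: python probe.py via_gx50_wan
    name = sys.argv[1] if len(sys.argv) > 1 else "pc_direct"
    host, port = PROBES[name]
    state = "open" if tcp_open(host, port) else "FAILED"
    print(f"{name} {host}:{port} -> {state}")
```

An open port only shows that the forwarding path completes a TCP handshake; it does not confirm that an RDP session can be established.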
