Remote Access Requirement

Dear Experts,
Currently our Business One 2005A version software is installed in SQL Server.
Remote access is made through Citrix Web Interface Metaframe Presentation Server.
Would someone tell me if we can access remotely through Terminal Server instead to the SQL server and maintain system perfomance? In this senario what will be the web interface requirement?
Thanks,
Kunitomo

Dear Kunitomo,
Definitely! Actually Terminal Server might be better option than Citrix because it users system resources more efficiently.
An RDP would be the client option for Terminal Server.
Thanks,
Gordon

Similar Messages

  • ASA Remote Access VPN Clients - Multiple DNS Suffixes?

    Hi community!
    I am setting up a new remote access VPN using the traditional IPSec client via ASA 5515-X runnning OS 8.6.1(5).
    We require to provide each client multiple DNS suffixes, but are only to provide a single DNS suffix in the grouip policy.
    I have tested using an external DHCP server, but using our Windows Server 2008 infrastructure and Option 119 the list is not provided to clients, and I have read that Windows 7 clietns may ignore this option anyway.
    Other than umanually configuring the clients , does anybody have any other suggestions on how we may get this to work?
    Full marks for helpful posts!
    Kind regards, Ash.

    Hi
    I am looking into the same issue, and I am finding conflicting documentation about this and wondered if you got the answers you were looking for.
    I have a remote access requirement for users from separate AD's to authenticate through an ASA.
    I was reading about Global Catalogue Server but this is not specifically what I want; and also creating a new AAA server group but the user would need to accept which group to use when they log in
    Regards

  • Remote Access VPN Clients Cannot Access inside LAN

    I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with.  I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA.  Thay can ping each other.  The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10.  I do not need split tunneling to be enabled.  The active WAN interface is the one labeled outside_cable.
    : Saved
    ASA Version 8.2(1)
    hostname ASA5505
    domain-name default.domain.invalid
    enable password eelnBRz68aYSzHyz encrypted
    passwd eelnBRz68aYSzHyz encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.100.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    pppoe client vpdn group dataDSL
    ip address 76.244.75.57 255.255.255.255 pppoe
    interface Vlan3
    nameif dmz
    security-level 50
    ip address 192.168.9.1 255.255.255.0
    interface Vlan10
    nameif outside_cable
    security-level 0
    ip address 50.84.96.178 255.255.255.240
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport access vlan 10
    interface Ethernet0/2
    switchport access vlan 3
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    same-security-traffic permit intra-interface
    object-group service Netbios udp
    port-object eq 139
    port-object eq 445
    port-object eq netbios-ns
    object-group service Netbios_TCP tcp
    port-object eq 445
    port-object eq netbios-ssn
    object-group network DM_INLINE_NETWORK_1
    network-object host 192.168.100.177
    network-object host 192.168.100.249
    object-group service Web_Services tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group network DM_INLINE_NETWORK_10
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_11
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_2
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_3
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_4
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_5
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_6
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_7
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_8
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network DM_INLINE_NETWORK_9
    network-object host 192.168.9.10
    network-object host 192.168.9.4
    object-group network VPN
    network-object 192.168.255.0 255.255.255.0
    access-list outside_access_in extended permit icmp any host 76.244.75.61
    access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
    access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
    access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
    access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
    access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
    access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
    access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
    access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
    access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
    access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
    access-list dmz_access_in remark Quickbooks
    access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
    access-list dmz_access_in remark Quickbooks range
    access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
    access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
    access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
    access-list dmz_access_in remark QB
    access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
    access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
    access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
    access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
    access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
    access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
    access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
    access-list dmz_access_in remark Printer
    access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
    access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
    access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
    access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
    access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
    access-list dmz_access_in remark QB probably does not need any udp
    access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
    access-list dmz_access_in remark QB included in other rule range
    access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
    access-list dmz_access_in remark May be required for Quickbooks
    access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
    access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
    access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
    access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
    access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
    access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
    access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
    access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
    access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
    access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
    access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
    access-list Local_LAN_Access standard permit host 0.0.0.0
    access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
    access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered informational
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500 
    mtu outside_cable 1500
    ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
    ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat-control
    global (outside) 10 interface
    global (outside_cable) 10 interface
    nat (inside) 0 access-list nonat-in
    nat (inside) 10 0.0.0.0 0.0.0.0
    nat (dmz) 0 access-list dmz_nat0_outbound
    nat (dmz) 10 0.0.0.0 0.0.0.0
    static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
    static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
    static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
    static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
    static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
    static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
    static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
    static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
    static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
    static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
    static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
    access-group outside_access_in in interface outside
    access-group dmz_access_in in interface dmz
    access-group outside_cable_access_in in interface outside_cable
    route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 192.168.100.0 255.255.255.0 inside
    http 204.107.173.0 255.255.255.0 outside
    http 204.107.173.0 255.255.255.0 outside_cable
    http 0.0.0.0 0.0.0.0 outside_cable
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_cable_map interface outside_cable
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto isakmp enable inside
    crypto isakmp enable outside
    crypto isakmp enable outside_cable
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    telnet 192.168.100.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.100.0 255.255.255.0 inside
    ssh 204.107.173.0 255.255.255.0 outside
    ssh 204.107.173.0 255.255.255.0 outside_cable
    ssh 0.0.0.0 0.0.0.0 outside_cable
    ssh timeout 15
    console timeout 0
    vpdn group dataDSL request dialout pppoe
    vpdn group dataDSL localname [email protected]
    vpdn group dataDSL ppp authentication pap
    vpdn username [email protected] password *********
    dhcpd address 192.168.100.30-192.168.100.99 inside
    dhcpd dns 192.168.100.5 68.94.156.1 interface inside
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    webvpn
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    dns-server value 192.168.100.5
    vpn-tunnel-protocol IPSec l2tp-ipsec
    group-policy cad_supplies_RAVPN internal
    group-policy cad_supplies_RAVPN attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
    group-policy VPNPHONE internal
    group-policy VPNPHONE attributes
    dns-server value 192.168.100.5
    vpn-tunnel-protocol IPSec
    split-tunnel-policy excludespecified
    split-tunnel-network-list value Local_LAN_Access
    client-firewall none
    client-access-rule none
    username swinc password BlhBNWfh7XoeHcQC encrypted
    username swinc attributes
    vpn-group-policy cad_supplies_RAVPN
    username meredithp password L3lRjzwb7TnwOyZ1 encrypted
    username meredithp attributes
    vpn-group-policy cad_supplies_RAVPN
    service-type remote-access
    username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
    username ipphone1 attributes
    vpn-group-policy VPNPHONE
    username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
    username ipphone2 attributes
    vpn-group-policy VPNPHONE
    username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
    username ipphone3 attributes
    vpn-group-policy VPNPHONE
    username oethera password WKJxJq7L6wmktFNt encrypted
    username oethera attributes
    vpn-group-policy cad_supplies_RAVPN
    service-type remote-access
    username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
    username markh attributes
    vpn-group-policy cad_supplies_RAVPN
    tunnel-group DefaultRAGroup general-attributes
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    tunnel-group DefaultRAGroup ppp-attributes
    authentication ms-chap-v2
    tunnel-group cad_supplies_RAVPN type remote-access
    tunnel-group cad_supplies_RAVPN general-attributes
    address-pool VPN_IP_range
    default-group-policy cad_supplies_RAVPN
    tunnel-group cad_supplies_RAVPN ipsec-attributes
    pre-shared-key *
    tunnel-group VPNPHONE type remote-access
    tunnel-group VPNPHONE general-attributes
    address-pool VPN_Phone
    default-group-policy VPNPHONE
    tunnel-group VPNPHONE ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 1500
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
    : end

    Hi,
    You have your "group-policy" set so that you have excluding some networks from being tunneled.
    In this access-list named Local_LAN_Access you specify "0.0.0.0"
    Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
    This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
    - Jouni

  • Is there a way of remote accessing 'Games and More' on a mobile?

    I am new to the forum, please excuse me if I am in the wrong space!
    Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device?
    e.g. Java application is downloaded into 'Games and More' and there is a requirement to execute the program from an ODP (On-Device-Portal). The ODP is external to the 'Games and More' folder but within the same mobile device.
    Many thanks
    Ian

    IVM wrote:
    Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device? No.
    db

  • How to set up my elderly parent with Mac so that I can use remote access to help her?

    I want to set my elderly mother up with a new Mac mini so that I can use remote access to show her how use email, browse the internet, share photos.  (She lives in KY, I live in OR)
    She has had an iPhone and an iPad for about 6 months and she can barely use them without becoming frustrated.   I want to be able to see her screen with her and show her how to do things.
    My plan is to set her up with a Mac mini and I'll use my MacBookAir to remote into her system.  I'm buying the mini to configure and then I'll mail it to her.
    My question is whether to try to use Back to My Mac or Teamviewer for remote access
    I have broadband with comcast and she has broadband with Access Cable.  Each have their company modem/routers--neither of us have Airport Express.
    I have my own iCloud account and she has her own.   If I use Back to My Mac, it seems that I would need to set up a separate account on my Mac that would sync to her iCloud account.
    Teamviewer seems easier because I don't have to use a separate account.   Any advice?   Anything that I'm not thinking about?

    As Linc says, you can establish a Screen Sharing session via iMessage and Facetime.  The advantage of these 2 approaches is that once your Mom gets used to using them, she will be more comfortable using them to communicate with you.  I've talked to my Mom via iChat (aka iMessage) more since she learned to use them, then in all the years before that (including when I was a child ).  And just being able to see your Mom via Facetime can be useful when you want to gage how she is doing.
    However, if you are any distance from your Mom, they you want backup methods incase something goes wrong.
    So beside iMessage/Facetime, the next best would be Back-to-My-Mac via iCloud, however, you will want to establish her Mac as using your account so that you have the right to take control remotely.
    An alternative that does not mix up your iCloud acounts would be to use TeamViewer.com (which has an unattended mode so you can do off-hour maintenance when your Mom is not around; or check up on her to find out if she is dating - Turns out if I had been paying attention, I would not have been blind-sided by my Mom getting Married again last Summer - she is in her 80's! ).
    LogMeIn.com, as dwb says, can be used the same was as TeamViewer.com
    Both LogMeIn.com and TeamViewer.com are very good at making it easy to get through the home router and if you are having any problems connecting using other Methods, TeamViewer.com or LogMeIn.com will most likely not have any issues.
    Back-to-My-Mac allows screen sharing and file sharing so you can transfer files as well as control the screen.
    Screen Sharing via Messages allows cooperative file transfer. That is to say, you can try pushing a file to your Mom, but she has to accept each transfer.
    TeamViewer.com has an unattended file transfer mode.
    LogMeIn.com requires the paid version to transfer files.  However, there are other ways to transfer files, such as downloading them from the original source on your Mom's system while using screen sharing, using Dropbox (or similar), emailing them, etc...
    Of course if you are really network savvy, you can roll your own via ssh tunnels, port forwarding routers, getting dynamic DNS names, transferring files via scp, or tunneling AFP file sharing, tunneling your screen sharing sessions.  Lots of fun and excitement playing with terminal commands

  • Remote access to Time Capsule won't work

    Over the past couple of months I've been doing lots of research and planning into replacing my Mac Pro and old MacBook Pro with a new Mac setup.  I was looking for efficiency, productivity and ultimate portability so the Macbook Pro Retina and Time Capsule grabbed my attention.
    I was interested in the MacBook Pro Retina for work (travel) and home leisure use.  Due to having so much music and video iTunes content, I was interested in purchasing a Time Capsule and a secondary external hard drive, placing all my iTunes content on the Time Capsule which I would then back up to the external hard drive when I was at home.  I would then setup Time Capsule to be accessible over the internet so that I could view my media content through iTunes wherever in the world I was (internet speeds permitting of course).  By doing this I could carry only my work files with me on the 512GB SSD Macbook Pro Retina, but could access the Time Capsule media files remotely, either via wi-fi or by tethering my iPhone 5.
    So I purchased a Time Capsule to test my theory.  I followed online guidance on how to achieve such a setup and using my 2008 MacBook Pro (which runs Snow Leopard) and a friends internet connection I got the system to work.  I was able to remotely contact Time Capsule and watch High Def video content via wireless internet and even tethered to my iPhone.  So I went and purchased a Macbook Pro Retina (running Mountain Lion) and set about setting up the system in the same way.  But this is where something's gone wrong.  I can't connect to the Time Capsule over the internet at all.
    The Air Port utility has been updated to version 6 which is lacking the ability to instruct the Time Capsule to "Allow access over WAN".  I thought I'd make sure it still connected via the internet using my old MacBook Pro, which had definitely worked perfectly just a couple weeks earlier, and that won't work either.  I can't find the option to "Allow access over WAN" within Airport Utility 5.6.1 either?  And the simple apple script application that I wrote (following an online guide) to open the remote connection to Time Capsule with the double left click on an icon has stopped working too.
    I don't pretend to be a network engineer and I'm no I.T. expert, though I usually manage to teach myself what I need to know to sort issues like this out, but this has gotten me really stumped!  I tried downloading an old version of Airport Utility to see if that had the "Allow access over WAN" feature (within the 'Disks' > 'File Sharing' area of Airport Utility) but my Mac OS won't allow the old versions to run.
    Perhaps the version of Airport Utility I used on my Macbook Pro a couple of weeks ago didn't have the "Allow access over WAN" check box either and I just didn't notice - which is likely unless Airport Utility updates itself in the background without any prompts etc.  I certainly didn't notice a software update for it any time over the past few days.  Either way, I don't understand how it could have been working a few days back and now it's suddenly not.
    I used this guides to gain remote access to Time Capsule successfully just a couple of weeks ago:
    http://www.youtube.com/watch?v=SIQ7SzA1cK4
    Can anyone shed any light on the issue and point me toward a fix please?  I'd appreciate the help.

    Thanks LaPastenague.  I'm not sure if I have a static IP but I can confirm it hasn't changed in the past month.
    I've pretty much come to the conclusion that what I want to do isn't really possible using Time Capsule.  Like I mentioned, I had remote access working a couple of weeks ago but it seems like apple have updated the firmware or airport software to remove something that was necessary to remotely connect in the same way.  And even if I did get it working I think it would still be so restrictive, requiring a fast wifi or mobile phone tethered connection to view my media files over the internet.
    I got connected via iCloud and B.T.M.M. but the connection was very slow and video wouldn't stream well at all (painful).  It seems that the speed constraints would make it very frustrating each time I simply wanted to look through my vast iTunes music collection or movie library.  Album covers won't appear either.
    Even if it were possible to connect via a static IP I just don't think that the WAN connection would be stable or fast enough to offer an efficint solution(?), so I'll probably have to by an external portable HD and use Time Capsule for Time Machine and Printer Sharing.
    I wish I could stream my iTunes movies and music successfully over the internet, but right now it just doesn't seem possible.

  • Can i use same address pool for different remote access VPN tunnel groups and policy

    Hi all,
    i want to create a different remote access VPN profile in ASA. ihave one RA vpn already configured for some purpose.
    can i use the same ip address pool used for the existing one for the new tunnel-group (to avoid add rotuing on internal devices for new pool) and its a temporary requirement)
    thanks in advance
    Shnail

    Thanks Karsten..
    but still i can have filtering right? iam planning to create a new group policy and tunnelgroup and use the existing pool for new RA  and i have to do some filetring also. for the new RA i have to restrict access to a particualr server ,my existing RA have full access.
    so iam planning to create new local usernames for the new RA and new group policy with vpn-filter value access-list to apply for that user as below,  this will achive waht i need right??
    access-list 15 extended permit tcp any host 192.168.205.134 eq 80
    username test password password test
    username test attributes
    vpn-group-policy TEST
    vpn-filter value 15
    group-policy TEST internal
    group-policy TEST attributes
    dns-server value 192.168.200.16
    vpn-filter value 15
    vpn-tunnel-protocol IPSec
    address-pools value existing-pool
    tunnel-group RAVPN type ipsec-ra
    tunnel-group RAVPN general-attributes
    address-pool existing-pool
    default-group-policy TEST
    tunnel-group Payroll ipsec-attributes
    pre-shared-key xxx

  • Remote Access VPN on Cisco ASA Problem

    Hi, i configured Remote access VPN on Cisco ASA 8.x as per below configuration.
    Problem is that my internet has stopped working, and default route is just showing stars.
    i can ping internal server 10.110.10.150 fine , which i allowed on VPN ACL, but my other traffic not going to regular internet on my laptop,
    what additional required to force my internet to go to regular internet instead of getting encrypted?
    Also attaching output of route print at the point when VPN is connected.
    ip local pool RA_VPN_POOL 10.1.200.100-10.1.200.150 mask 255.255.255.0
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA
    crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800
    crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000
    crypto map VPN_MAP 65535 ipsec-isakmp dynamic RA_VPN
    crypto map VPN_MAP interface outside
    isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    tunnel-group ITT_RA type remote-access
    tunnel-group ITT_RA general-attributes
    address-pool RA_VPN_POOL
    default-group-policy RA_VPN_GP
    tunnel-group ITT_RA ipsec-attributes
    pre-shared-key <group key>
    group-policy RA_VPN_GP internal
    group-policy RA_VPN_GP attributes
    dns-server value 10.0.0.1 10.0.0.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split_Tunnel_List
    default-domain value mydomain.com
    address-pools value RA_VPN_POOL
    access-list Split_Tunnel_List extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    access-list nonattest extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    nat (inside) 0 access-list nonattest
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      10.111.36.1      10.111.36.9          276
              0.0.0.0          0.0.0.0         On-link      10.1.200.100            20
           10.1.200.0    255.255.255.0         On-link      10.1.200.100    276
         10.1.200.100  255.255.255.255         On-link      10.1.200.100    276
         10.1.200.255  255.255.255.255         On-link      10.1.200.100    276
        10.110.10.150  255.255.255.255       10.1.200.1     10.1.200.100    100
          10.111.36.0    255.255.255.0         On-link       10.111.36.9    276

    Hi, i configured Remote access VPN on Cisco ASA 8.x as per below configuration.
    Problem is that my internet has stopped working, and default route is just showing stars.
    i can ping internal server 10.110.10.150 fine , which i allowed on VPN ACL, but my other traffic not going to regular internet on my laptop,
    what additional required to force my internet to go to regular internet instead of getting encrypted?
    Also attaching output of route print at the point when VPN is connected.
    ip local pool RA_VPN_POOL 10.1.200.100-10.1.200.150 mask 255.255.255.0
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto dynamic-map RA_VPN 65535 set transform-set ESP-AES-128-SHA
    crypto dynamic-map RA_VPN 65535 set security-association lifetime seconds 28800
    crypto dynamic-map RA_VPN 65535 set security-association lifetime kilobytes 4608000
    crypto map VPN_MAP 65535 ipsec-isakmp dynamic RA_VPN
    crypto map VPN_MAP interface outside
    isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    tunnel-group ITT_RA type remote-access
    tunnel-group ITT_RA general-attributes
    address-pool RA_VPN_POOL
    default-group-policy RA_VPN_GP
    tunnel-group ITT_RA ipsec-attributes
    pre-shared-key <group key>
    group-policy RA_VPN_GP internal
    group-policy RA_VPN_GP attributes
    dns-server value 10.0.0.1 10.0.0.2
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split_Tunnel_List
    default-domain value mydomain.com
    address-pools value RA_VPN_POOL
    access-list Split_Tunnel_List extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    access-list nonattest extended permit ip host 10.110.10.150 10.1.200.0 255.255.255.0
    nat (inside) 0 access-list nonattest
    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      10.111.36.1      10.111.36.9          276
              0.0.0.0          0.0.0.0         On-link      10.1.200.100            20
           10.1.200.0    255.255.255.0         On-link      10.1.200.100    276
         10.1.200.100  255.255.255.255         On-link      10.1.200.100    276
         10.1.200.255  255.255.255.255         On-link      10.1.200.100    276
        10.110.10.150  255.255.255.255       10.1.200.1     10.1.200.100    100
          10.111.36.0    255.255.255.0         On-link       10.111.36.9    276

  • Remote access vpn ESP problem

    I have remote access vpn configured on cisco 2901 router. Everything works good exept ipad 2 3g. When i am connecting with ipad from 3g network it connects but  it is unable to access corporate resources. I talked to my telephone provaider and they told me that they have some nat problems with ESP. and adviced me to force vpn clients to use udp ports 500 and 4500. How i have to configure my router to accomplish this ?
    Thanks in advance

    Hello,
    Isakmp uses port UDP 500 for the managment connection establishment ( Phase 1).
    NAT-T ( used when they are nat devices in between two VPN endpoints) uses port UDP 4500.
    So on your Router NAT-T is configured by default, all you got to do is if you have an ACL on the outside interface allow this traffic (Isakamp and NAT T) On some of the newer IOS versions you do not have to apply the ACL as by default the VPN traffic (encrypted traffic bypasses the ACL).
    So your requirement is done by default, great thing right!! You can let your Telephone provider you are ready for the test.
    Julio
    Do rate all helpful posts!!

  • Remote access VPN on ASA5520 Ping Issues.

    Hi I hope someone might be able to help me. I have setup a remote access VPN on an ASA 5520. The VPN client connects ok, accepts my username and password and then I am in. I get an allocated IP address of 172.16.1.1 from the local pool. The problem is that I cannot then ping the inside LAN which is 192.168.1.1. I've got isakmp nat traversal set to default which is 20. I've been looking at this all day and I think I've gone crossed eyed, a fresh pair of eyes are definitley required, so any help would be gratefully received. My config is
    Saved
    ASA Version 7.0(8)
    hostname Hospira-firewall
    enable password 2KFQnbNIdI.2KYOU encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    dns-guard
    interface GigabitEthernet0/0
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address 213.212.66.52 255.255.255.248
    interface GigabitEthernet0/1
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    interface GigabitEthernet0/2
    shutdown    
    no nameif
    no security-level
    no ip address
    interface GigabitEthernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    ftp mode passive
    same-security-traffic permit intra-interface
    access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
    access-list Split standard permit 192.168.1.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip local pool mypool 172.16.1.1-172.16.1.253 mask 255.255.255.0
    no failover
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NONAT
    nat (inside) 1 192.168.1.0 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 213.212.66.49 1
    route outside 172.16.1.0 255.255.255.0 213.212.66.49 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    group-policy hospira internal
    group-policy hospira attributes
    vpn-simultaneous-logins 400
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split
    webvpn
    username user password 08S9WUsiSMr3RauN encrypted
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set hospira esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map dmap 1 set transform-set hospira
    crypto dynamic-map dmap 1 set security-association lifetime seconds 28800
    crypto dynamic-map dmap 1 set security-association lifetime kilobytes 4608000
    crypto dynamic-map dmap 1 set reverse-route
    crypto map mymap 1 ipsec-isakmp dynamic dmap
    crypto map mymap 2 match address NONAT
    crypto map mymap 2 set security-association lifetime seconds 28800
    crypto map mymap 2 set security-association lifetime kilobytes 4608000
    crypto map mymap interface outside
    isakmp identity address
    isakmp enable outside
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption 3des
    isakmp policy 1 hash sha
    isakmp policy 1 group 2
    isakmp policy 1 lifetime 86400
    isakmp policy 65535 authentication pre-share
    isakmp policy 65535 encryption 3des
    isakmp policy 65535 hash sha
    isakmp policy 65535 group 2
    isakmp policy 65535 lifetime 86400
    isakmp nat-traversal  20
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *
    tunnel-group hospira type ipsec-ra
    tunnel-group hospira general-attributes
    address-pool mypool
    default-group-policy hospira
    tunnel-group hospira ipsec-attributes
    pre-shared-key *
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
    inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    Cryptochecksum:98f85c39a5cbffe66b0f6585d5083c7c
    : end
    Many thanks

    Hi Richard ,
    - we don't need access-list with RA connection , we have the dynamic map that acts as a template , so your crypto config :
    crypto map mymap 1 ipsec-isakmp dynamic dmap
    crypto map mymap 2 match address NONAT
    crypto map mymap 2 set security-association lifetime seconds 28800
    crypto map mymap 2 set security-association lifetime kilobytes 4608000
    crypto map mymap interface outside
    map with seq 1 is being binded to the dynamic map , now map 2 you are using the nonat access list as the encryption trigger for this map , so this should not be there as it encrypt traffic from the inside subnet to the pool .
    please remove the second entry, then test if not working please provide a capture from the inside interface .
    HTH
    Mohammad.

  • Remote access VPN to server from outside and server reach internet on the same time

    Dear,
    I have problem in my ASA 5515-X , when i make Remote access VPN to servers in inside zone the internet connection disconnected in the servers, or when i have internet in servers, the remote access cant reach servers.
    the configuration for server as static NAT for each server, and the connection of VPN is to another public IP but in the same subnet of NAT ip.
    server1 : 10.10.10.2 nat to 5.6.7.8
    server2: 10.10.10.3 nat to 5.6.7.9
    server3: 10.10.10.4 nat to 5.6.7.10
    VPN connection to 5.6.7.12
    is there any solution for this senario, remote vpn to servers and the same time the servers have internet readability for download updates .. etc

    Hi,
    So it seems that the problem is with lacking a NAT0 configuration
    You could modify the below configuration to match your networks/IP addresses used. In the below configuration I presume that you have interfaces "inside" and "outside".
    object network SERVER-NETWORK
     subnet <server network address> <network mask>
    object network VPN-POOL
     subnet <vpn pool network address> <network mask>
    nat (inside,outside) 1 source static SERVER-NETWORK SERVER-NETWORK destination static VPN-POOL VPN-POOL
    Just insert the correct address related information and change the "object" and interface names if required.
    This configuration will tell the ASA that no NAT will be performed for traffic between the VPN-POOL and SERVER-NETWORK. The NAT configuration is bidirectional. With this configuration the Static NAT configurations will continue to work for the servers Internet traffic and this NAT0 configuration will be applied only to the VPN Client traffic.
    Hope this helps :)
    - Jouni

  • Remote Access VPN posturing with Cisco ISE 1.1.1

    Hi all,
    we would like to start using our ISE for Remote VPN access.
    We have run a proof of concept with the ISE & IPEP with a Cisco ASA5505. We got the authentication working however posturing of the client did not work.
    That was a few months ago and so I was wondering whether any design document is available specifically around Using the Cisco ISE for Authenticating & Posturing Remote Access VPN clients.
    I understand that version 9 of the ASA code is supposed to eliminate the need for Inline Posture, does anyone know whether this will also allow posturing too?
    We do intend to by Cisco ASR's aswell, but I am sceptical of this as i do not know how many VPN licenses you get out of the box. The ASA's we have allow up to 5000 IPSec VPNs without having to purchase any licensing. What I do not want to do is to switch to SSL VPNs as this again will increase cost.
    I know ISR's are support NADs but what about ASRs? There is no mention.
    Any advise will be appreciated!
    Mario

    OK, I have come accross the Cisco Validated design for BYOD and in there it has a section about Authenticating VPNs.
    thats great... however it does not mention using the Inline posture node. Does anyone know if there is a limitation using Inline Posture and SSL VPNs...?
    essentially my requirements are
    2-factor authentication VPN using a Certificate & RSA Token
    Posturing of the VPN endpoint.
    Ideally i would like to use IPSec VPNs as i have licenses already for these on my ASAs. But if it will only work with SSL & AnyConnect, then so be it.
    Can anyone help?
    Mario

  • Remote Access VPN, how to specify on which interface clients will be placed on?

    Hi,
    I have a general understanding problem with remote access VPN and Cisco ASA.
    If I have an ASA with multiple interfaces and I want to make sure that a Remote Access VPN Client is placed onto a specific interface, how do I do this?
    example:
    ASA has 4 interfaces: outside, inside-clients, inside-workers, inside-lab.
    I want to allow multiple Remote Access VPN configurations that put clients coming from "outside" to "inside-lab" and "inside-clients", with two different profiles and two different IP pools, as the IP addresses for each of the interfaces is different.
    How do I do that?
    If possible be as explanatory as possible for me to really grasp the concept.
    Many thanks
    Pat

    Hi,
    The ASA will view the hosts in its routing table behind the ASA interface which forms the VPN connection with the VPN Client. This is most of the time the interface called "outside".
    By default the ASA allows all traffic coming from a VPN connection to bypass the interface ACL of the ASA. The thought process behind this is I guess the fact that the VPN devices/clients have already proven they have right to connect to the network to all traffic is allowed.
    The configuration that controls this setting globally on the ASA is
    sysopt connection permit-vpn
    The above is the default setting of the command and it WONT show up in the CLI format configurations because its a default setting.
    If you were to issue the following command
    no sysopt connection permit-vpn
    Then this would mean that the ASA would require an ACL statement on its VPN terminating interface (outside) to permit the traffic from the VPN Pool to the LAN networks.
    Naturally you would have to take into consideration also that if you have existing VPNs and insert the above global command they would also need ACL statements on the "outside" interface ACL or the inbound traffic from the VPN will start to get blocked.
    Other option (wihtout touching the above setting) would be to configure VPN Filter ACL that is a separate ACL that is only attached to a certain user or group of users.
    I personally prefer the method of using the above global setting and using the "outside" interface ACL to control traffic.
    Naturally it still leaves the question of how you are going to configure the Tunnel Groups, Group Policys and Usernames. To be honest, I have gotten a bit distracted from VPN client setups and have forgotten a lot of stuff since I dont work with them on a day to day basis. I mostly handle L2L VPN nowadays among normal firewall configurations.
    If I had to suggest something simple at this point it would be this
    Configure separate Tunnel Groups
    Configure separate VPN Pools for the above Tunnel Groups
    Configure separate Group Policys for the above Tunnel Groups
    Configure the above mentioned Global setting to limit inbound traffic from VPN
    Configure the "outside" interface ACL so that you only permit traffic from a certain VPN Tunnel Group users only to certain LAN networks
    Configure the required NAT0 configurations for traffic between these networks
    As Marcin said, there are multiple different ways to achieve the same thing as above.
    And as I said I have gotten a bit rusty with the VPN Client side on the ASA so I am not sure if at the moment I can even consider all the possible options but surely the simple ones.
    PS. The link that Marcin posted seems to point to a Group Policy setting that would let you lock the that VPN connection to use only a certain local Vlan (subinterface) on the ASA and therefore limit traffic from going to networks behind other interfacec
    Hope this helps
    - Jouni

  • VM with remote access VPN without split tunneling

    Hello experts,
    I have customers who require to use VM in their laptop. These users also require to VPN to Corporate network  to do their job. However when they do remote VPN to corporate Network (ASA VPN concentrator) from their VM host machine, they loose their access to their VM guest machines. This problem was not happening when they used cisco VPN client which has gone end of life and support as of end of July 31, 2012. In Cisco VPN client (IKEV1) if we set the protocol to udp they had no problem to keep their connectivity to VM machines while connected to corporate with remote access VPN. However this feature does not work in new Cisco VPN client which is called AnyConnect. ( NOTE: I am using IPSEC IKEV2. NO SSL at this time).
    My Question to Experts:
    1. Was the ability to maintain connection to VM guest machines, while connected to VPN without enabling split tunneling a security flaw in the old cisco VPN client?
    2. Is there a way to maintain connectivy to VM machines installed in a computer and still connect to remote access VPN concentrator through host machine? (My question is about AnyConnect client only using IPSEC IKEV2 and I do not want to enable split tunneling)
    Thanks for your help,
    Razi                

    Did you figure this out?

  • How can I remotely access my computer from a different location on Apple Remote Desktop?

    I downloaded Apple Remote Desktop and am trying to access our computer at our church that is in the auditorium and work on slides for ProPresenter from my office which is on a different network. The Mac Pro, which is in the auditorium, is connected to a Netgear wireless router. I would also want to be able to have access to observe and control the screen on the Mac Pro whether I am in my office or at my house. I have tried everything from going to portforward.com, followed those instructions, did port forwarding, used ipchicken.com to get my external IP and made sure that the Mac Pro had a static internal IP address and made sure the computer had access for remote management. Any help to resolve this issue would be greatly appreciated! Works fine when it is on the same wireless network, but I need access being on a different wireless network. Thanks!

    Hi austinmac14,
    So the steps listed bellow assume some things. They assume that the Airport Extreme Router your configuring is connected directly to the internet connection. And that the Airport Extreme is the only router between your computers and the internet.
    That means we're talking about say a DSL modem plugged directly into the Airport Extreme, or a cable modem. in ether case, this assumes that said modem, is not acting as an internet router.
    If your modem has multiple ethernet ports on it, or has a little antenna sticking out of it, then your modem is probable also a router, and these steps listed bellow will probable not work.
    Also these steps are so one person, can connect to one computer at your work.
    Open Airport Utility:
    go to the dock
    Click on the finder
    go to the menu bar
    Click on the "Go" menu
    Chose "Utilities" from the "Go" Menu
    double Click on "AirPort Utility"
    Access the Base Station:
    Double Click on your Airport Extreme BaseStation that is your internet connection router.
    a new window should pop up with your Airport Base Station as the Window Name
    Configure Static Address for the computer you want to connect to via ARD:
    Click on the internet Icon from the toolbar
    Click on the "DHCP" tab
    For "DHCP Reservations:"  Click on the "+" button
    For the "Description" put "ARD"
    For "Reserve Address by:"  set "DHCP Client ID"
    Click the "Continue" button
    For "DHCP Client ID:" set "ARD"
    write down the number in "IPv4" address field
    Click the "Done" Button
    Configure routing to ARD computer:
    Click on the "Advanced" icon from the tool bar.
    Click on the "Port Mapping" tab
    Click on the "+" button
    for "Service:" Chose "Apple Remote Desktop"
    for "Private IP Address:" copy the exact IP address you wrote down in step "3. 8)"
    Click the "Continue" button
    Click the "Done" button
    Click the "+" button
    For the pulldown menu "Service:" Chose "Remote Apple Events"
    for "Private IP Address:" copy the exact IP address you wrote down in step "3. 8."
    Click the "Continue" button
    Click the "Done" button
    Click the "+" button
    For the pulldown menu "Service:" Chose "Remote Login - SSH"
    for "Private IP Address:" copy the exact IP address you wrote down in step "3. 8."
    Click the "Continue" button
    Click the "Done" button
    Click the "Update" button.
    wait for the Airport Extreme to update, and for your computer to reconnect to the airport extreme. (make sure you can load and browse websites.)
    Configure the ARD computer to use the correct IP address:
    Go to the computer you want to be able to remotely connect to
    On that computer, Go to the menu bar
    Chose the "Apple" menu bar
    Chose "System Preferences…"
    Click on the "Show All" button
    Click on the "Network" icon
    For the active network connection, (the connection on the left side with the green dot), click on it
    Clock on the "Advanced…" button
    Click on the "TCP/IP" tab
    for the "DHCP Cient ID: field put "ARD".
    Click the "OK" button
    Click the "Apply" buttonNOTE: Under "Status" you should see "(connection name) is connected to (airport base station name) and has the IP address (IP address)." the "(IP address)" address displayed should match the IP address you wrote down in step "3. 8."
    Find out what your public internet IP address is.
    On the computer you wish to connect to over the internet, gotohttp://whatismyipaddress.com/
    when the web page loads, you should see "IP Information:" fallow by a number like 192.168.0.1, write down what ever number it is.
    At this point you should be able to connect to the computer remotely
    connect to the internet from another location.
    open Apple Remote Desktop
    go to the file menu
    chose connect to computer using ip address
    set the address to the address to the IP address you wrote down for step 6. 2.
    use the same password as you used to connect to the computer at work using ARD.
    So here the catch. If your router gets reset... well then your going to have to configure it again. Also all the same rules you have to connect to the computer at work, also apply to connecting to the computer from over the local network. That means your computer need to be on or sleeping. And if it's sleeping it need to be configure to wake for network access.
    Also some network connections change.  When it comes to internet connections, some connections are static IP, while other connections are DHCP. If your connection is static... great! if it's DHCP, your address may change. If it dose.. well then your ability to connect will break. And then you'd have to do step 6 & 7 again.
    Of corse there are ways around this. But that's kind of another conversation.
    Some internet locations may block your ability to connect to your computer at work. This is very common at schools, and companies. Basically any place that tries to control your ability to browse the internet, may block remote access to computers; because a remote computer would completely by pass their web filter.
    ALSO there is an easier option. As far as setup. There are programs designed to make remotely accessing your mac as easy as possible. For instance there is LogMeIn or Slack. With both of these programs, it's simple. make sure your computer is always on. Then install the software. Create an account with the service. And then you can connect to the computer almost any where by going to their website.
    This option requires no router configuration. It handles DHCP. It's designed to work in as many locations as possible.

Maybe you are looking for

  • HT4623 why wont my iphone allow me to purchase any apps

    my account settings on my iphone 5 keep telling me to contact itune support to complete a transaction.  Any help?

  • Urgent iMac Hard drive question!

    I have an 08 20" iMac with a bad hard drive.  I am looking to replace it.  Is there a list of compatible hard drives somewhere so I know what to look for?  Also, I have a MacBook pro from the same year. Am I able to use the hard drive from the MacBoo

  • URGENT: problem with orasso.wwsso_api.authenticate_user  warn_code

    I am facing a problem with a certain API call in Oracle 10g Portal (9.0.4) while it is running with an infrastructure database of Oracle9i Enterprise Edition Release 9.0.1.5.1. I am trying to access a user authentication api in the ORASSO schema. Thi

  • Exchange Partition Problem

    Hi, I am trying to create a partition table for a non parttition table. create table dept_test partition by list(deptno) (partition p10 values(10), partition p20 values(20), partition p30 values(30), partition p40 values(40)) as select * from dept wh

  • P6 Report - Filter based on activity dates

    Good morning, I'm working on a report that should include all the activities in a project that respect the following condition: Finish date > BL1 finish date + 3 months As i can see I can compare a date with a standard date variable (Earliest project