Jump to content
mikw

RDP via KSC to a computer off LAN [In progress]

Recommended Posts

Hi again,

 

I would like to be able to RDP to computers outside of our company's LAN but I'm stuck. I don't even know if it's possible.

 

I'm running KSC 434 and KEP SP1 10535. I have a connection gateway/update agent (server 2008) set up with external IP (DMZ) and all the necessary ports forwarded (support.kaspersky.com/9297).

 

Connection profiles are set up so the computers outside network can see Admin Server in LAN (connection via gateway).

 

Way it works currently is I cannot push updates or tasks or policies to those outside computers but the computers can fetch tasks/updates/policy changes whenever they report in to Admin Server. Computers are all seen as visible/active in KSC.

 

Now when I try to RDP using custom tools in KSC I'm unable to because of internal error. When I get on VPN i can RDP no problems.

 

What am I missing? Thanks for help.

Share this post


Link to post
Hi again,

 

I would like to be able to RDP to computers outside of our company's LAN but I'm stuck. I don't even know if it's possible.

 

I'm running KSC 434 and KEP SP1 10535. I have a connection gateway/update agent (server 2008) set up with external IP (DMZ) and all the necessary ports forwarded (support.kaspersky.com/9297).

 

Connection profiles are set up so the computers outside network can see Admin Server in LAN (connection via gateway).

 

Way it works currently is I cannot push updates or tasks or policies to those outside computers but the computers can fetch tasks/updates/policy changes whenever they report in to Admin Server. Computers are all seen as visible/active in KSC.

 

Now when I try to RDP using custom tools in KSC I'm unable to because of internal error. When I get on VPN i can RDP no problems.

 

What am I missing? Thanks for help.

Hi,

 

Unfortunately you cannot connect to computer via RDP located in public network without VPN.

 

Thank you!

Share this post


Link to post

Shouldn't it work using Network Agent? It creates a tunnel, right?

 

No chance to send a heartbeat from a laptop at the time of RDP attempt from KSC?

 

Thanks.

Share this post


Link to post
Shouldn't it work using Network Agent? It creates a tunnel, right?

 

No chance to send a heartbeat from a laptop at the time of RDP attempt from KSC?

 

Thanks.

 

Hello.

 

To have all connections between KSC and the Network Agent on the client computer established using a certain Network Agent host, this host needs to be assigned a Connection Gateway role for the managed computer group your target host belongs to. Note that this only works for connections established by KSC on ther server side, and Network Agent on the client side.

 

Thank you.

Share this post


Link to post

Like I said, I have a machine with public IP with connection gateway status assigned and all ports forwarded. RDP still doesn't work despite the fact the client computer is visible in KSC. Moreover client computer has connection profiles configured correctly so it knows to talk to Admin Server via Connection Gateway.

Share this post


Link to post

Hi,

 

Way it works currently is I cannot push updates or tasks or policies to those outside computers but the computers can fetch tasks/updates/policy changes whenever they report in to Admin Server.

It looks like connection from server side is broken for some reason and only connections from client side could be established every 15 minutes(syncronizaton period).

 

Thank you!

Share this post


Link to post

Can you tell me if connection via Connection Gateway is symmetrical? I mean does it go Client->Gateway->Server and back Server->Gateway->Client (provided client is in Management Group with that Gateway configured) or does it go back from Server straight to Client omitting the Gateway?

Share this post


Link to post
Shouldn't it work using Network Agent? It creates a tunnel, right?

 

No chance to send a heartbeat from a laptop at the time of RDP attempt from KSC?

 

Thanks.

 

Unfortunately, if server cannot address to client, then RDP connection is impossible.

Thank you.

Share this post


Link to post
Any updates on my question? Thanks.

 

As explained in the previous message, if a Connection Gateway is active, it works both ways for connections between Network Agents and the KSC server. However, RDP connections are not tunneled through it, they still rely in direct network accessibility.

 

Thank you.

Share this post


Link to post

What if I use RDP from Kaspersky's custom tools. When it connects I see it using 127.0.0.1 and a port 49152- 65535 which are used by kaspersky. Doesn't it negotiate connection using Network Agent?

Share this post


Link to post

I am interested in this question as well as we are attempting to achieve the same result. We want to have same management of functionality of Remote PC as onsite through KSC console. (Policy updates, RDP through KSC Console, task management of workstation) I can see remote IP, address of Connection Gateway in statistics of KSC for test machine. We were told that at least RDP would work by Kaspersky consultant.

 

KSC 10.3.407

KNA 10.3.407

KES 10.2.4.674

 

Share this post


Link to post
I am interested in this question as well as we are attempting to achieve the same result. We want to have same management of functionality of Remote PC as onsite through KSC console. (Policy updates, RDP through KSC Console, task management of workstation) I can see remote IP, address of Connection Gateway in statistics of KSC for test machine. We were told that at least RDP would work by Kaspersky consultant.

 

KSC 10.3.407

KNA 10.3.407

KES 10.2.4.674

 

Hello,

 

In order to connect remote machine KSC uses means of network agent.

If your machine is located somewhere in Internet then KSC server cannot "see" remote machine.

Thank you.

Share this post


Link to post

Network Agent is set to use Connection Gateway which is in DMZ with Network Agent to act as Update Agent. KSC sees internet address of remote machine and Connection IP address of DMZ server.

 

Hello,

 

In order to connect remote machine KSC uses means of network agent.

If your machine is located somewhere in Internet then KSC server cannot "see" remote machine.

Thank you.

post-24075-1471625206_thumb.jpg

Share this post


Link to post
Network Agent is set to use Connection Gateway which is in DMZ with Network Agent to act as Update Agent. KSC sees internet address of remote machine and Connection IP address of DMZ server.

 

You attached a screen shot which shows successful connection from agent to server,

but is server able to address to client ?

Thank you.

Share this post


Link to post

It looks as though the server sees the client and client to the server

 

You attached a screen shot which shows successful connection from agent to server,

but is server able to address to client ?

Thank you.

post-24075-1471632713_thumb.jpg

post-24075-1471632814_thumb.jpg

post-24075-1471633137_thumb.jpg

Share this post


Link to post

Hi,

 

Please enable connection tunneling at host context menu -> All tasks and once it established launch RDP connection.

 

Please inform us about result.

 

Thank you!

Share this post


Link to post

Hi,

Would this need to be done for each host?

 

 

Hi,

 

Please enable connection tunneling at host context menu -> All tasks and once it established launch RDP connection.

 

Please inform us about result.

 

Thank you!

 

Share this post


Link to post

The connection tunneling did not seem to work however select box on machine. Are there specific options that need to be set? I also tried selecting "Do not disconnect from Administration Server" and this did work.

post-24075-1472560111_thumb.jpg

Share this post


Link to post

Hi,

 

The connection tunneling did not seem to work

Is it correct that this host was avalible from KSC during tunneling?

 

Thank you!

Share this post


Link to post

Yes, host was available.

 

Hi,

Is it correct that this host was avalible from KSC during tunneling?

 

Thank you!

 

Share this post


Link to post

Hi,

 

Thank you for that info!

 

Please enable "Do not disconnect from admin server" at target host propertie and try once again.

 

Please inform us about result.

 

Thank you!

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.