By Gerry Morris
This month’s column draws upon some topics I’ve covered in previous months to address a specific situation. My good friend Debra Bruce, whose column runs along side this one in the Law Practice Management Newsletter, asked me how she could configure her home office network so that an associate at another location could access Debra’s desktop computer over the Internet not only to share files but to actually run programs. The ability to access an office computer over the Internet from a remote computer outside the office is extremely useful. I connect with my office desktop computer from my home computer just about every day. Although this can be accomplished through a fairly complicated VPN (virtual private network) setup like I’ve described in my previous columns it can be done with a fairly simple VPN setup for the astonishing cost of nothing assuming the computer to be accessed is connected to a high speed always on Internet connection such as Roadrunner cable or SBC Yahoo DSL. Also, the computer at your office that you want to allow a remote user to access must be running Windows XP Professional. XP Home Edition doesn’t have the components necessary to set up the type of connection I’m about to describe. The remote computer can be running Windows XP Home Edition or Professional.
I’m going to provide step by step setup instructions but I’m going to refer the reader to some of my previous columns for more detailed information on some of the steps where I’ve covered them before. That way I can stay within my column length limitations. You can see the links to all the previous newsletters at:
http://www.texasbarcle.com/CLE/LMNewsletters.asp .
Step One. Subscribe to a Dynamic IP DNS Service.
Chances are your Internet provider assigns you a dynamic IP address. That means that the unique address on the Internet of your cable or DSL modem changes every so often. In order to find your network system on the Internet an outsider would have to know your current IP address. IP addresses for web sites are associated with alpha numerical names. To find the Microsoft web site, for instance, you type www.microsoft.com into your browser rather than http://207.46.20.60. Either will get you to Microsoft’s web site but www.microsoft.com is easier to remember. Something called a DNS server contains a table that relates the alphanumeric web address to the numeric IP address. There are services that will relate a dynamic IP address to an alphanumeric address by utilizing a piece of software installed on your computer that transmits about every 10 minutes your current IP address to a DNS server where the new IP address is “mapped” to the alphanumeric name you’ve selected for your computer. The software should be installed on the computer that you want to access from outside your home or office. See my April 2005 column for a more detailed explanation of dynamic DNS services. You’ll also find a discussion of a couple of specific dynamic DNS services including www.dyndns.org which is absolutely free. When you get to the Dyndns.org web page click the “Services” link and then “Dynamic DNS.” On that page you’ll find a “How to” document that will explain how to set up the service. You will need to download and install one of the third party clients that automatically send the current IP address to the Dyndns.org DNS server.
Step Two. Configure the Desktop Computer to be Accessed with a Static IP Address.
If the computer you want to access from outside the office is connected to the cable or DSL modem and not a router you can skip this step. If there is more than one computer sharing the Internet connection via a router the computer that you want to access from outside has to be given a static IP address so it can be found “behind” the router. This is a different IP address than the one discussed above. That one is the Internet address of your cable or DSL modem. The one assigned to your desktop computer identifies it uniquely on your local network. Your network is probably configured so that each computer connected to the router gets a dynamic IP address from the router. However, you can assign a computer a specific IP address as long as it is within the range that would ordinarily be assigned by the router. Here’s a simple way to figure out what IP address to assign your computer. Click the “Start” button and then click “Run.” When the dialogue box appears, type in “cmd” without the quotes. Then click OK. A “DOS window” with a command prompt will appear. At the prompt, type “ipconfig” without the quotes and hit Enter. You’ll see three IP addresses appear. The one that is designated “IP address” is the current IP address of your compute that has been assigned by the router. Write it down. Also write down the “Subnet Mask” and the “Default Gateway” IP addresses. Close the window.
Next, click the “Start” button again. Click “My Network Places” and when the window appears, choose the “View Network Connections” link on the left side. (If you don’t see “My Network Places” click “Control Panel” and click the “Network Connections” icon. You’ll see the same information described below.) Another window will open with icons visible. Right-click the icon that is labeled something like “Local Area Connection” and choose “Properties” from the drop-down menu. When the Properties box appears click on Internet Protocol (TCP/IP) to highlight it. Then click the “Properties” button. Finally, you’ll be presented with a box that has something to do with IP addresses. Click on the button labeled “Use the Following IP address.” Type in the addresses you copied down from the DOS box. The labels will be familiar. Also, it probably will work better if you type in the address for the default gateway as the DNS server address after clicking the button to allow manual entry. If you have trouble reaching web sites after making the changes, go back and choose the setting to find the DNS server address automatically. Close all the settings boxes by clicking OK. When your back to the box labeled “Network Connections” and again right-click the icon for the “Local Area Connection” and click “Disable” from the drop down menu. Wait a few seconds and right click it again. This time click “Enable.” You should now start your web browser and see if you can reach a web site. If you can everything was done correctly. If not try again. You can always go back to the setting allowing your computer to be assigned a dynamic IP address if you want to start over.
Step Three. Direct VPN Traffic Through Your Router to The Desktop Computer.
If the computer you want to reach from outside is connected directly to the modem, you can skip this step. Otherwise, find your documentation for your router. Every router I’ve ever seen has a way to direct certain Internet traffic from the outside to a particular computer. The setup program of the router typically will have one screen that allows you to direct traffic aimed at a particular port (think of it as a door that a particular type of traffic can enter your system through) to one of the computers behind the router on your network. In this case we want to direct traffic entering through TCP Port 1723. That’s the door through which VPN traffic enters. The setup screen will have some method of directing traffic entering through this port to a particular computer identified by its IP address. Direct the traffic from that port to the static IP address of the computer you want to access from outside the office. Unfortunately, since there are so many variations of routers I can’t give a “one fits all” explanation of how to do this. If the router’s manual doesn’t help I would suggest calling the manufacturer’s tech support. It is highly likely that there is a way to do this since it’s a common configuration for VPN’s.
Step Four. Set up Your Computer in Your Office to Accept VPN Connections.
Windows XP Professional has the built in capability to act as a VPN server for connections to the computer upon which it is running. Here’s how you set that up. Again, click the Start menu chose “My Network Places” and then choose “View Network Connections.” Then choose “Create a new connection” on the left side of the window. A setup wizard will appear. Click “Next.” Then click “Set up an advanced connection.” Click next and then choose “Accept incoming connections.” Click “Next” again and choose “Allow virtual private connections.” Go to the next screen and select the user that you want to allow to connect to your computer. If you haven’t created a user account (user name and password) for the person you want to allow to connect to your computer, you have to do so before completing this process. Click next and choose the Internet protocol as the type of networking software that will be enabled. Go to the next screen and click “Finish.”
Step Five. Enable Remote Desktop on the “Server Computer.”
Windows XP Professional has an excellent remote desktop program that accepts a connection by a remote computer and allows the person at the remote computer to basically operate the server computer. To enable this feature on the desktop at your office click the Start menu and chose “Control Panel.” From the Control Panel chose the “Performance and Maintenance” link if you are in the “Category View.” Then click the “System” link. (If your control panel is configured for the “Classic View,” double click on the “System” icon. When the System box appears choose the “Remote: tab.” On that screen below “Remote Desktop” select “Allow users to connect remotely to this computer.” If the user that you want to connect remotely does not have full access (administrative privileges) on your desktop, click the “Select remote users” button and follow the instructions to allow the user access. Close everything and your set to go on the office computer.
Step Six. Configure the Remote Computer to Connect to the Computer at Your Office.
Some of this will be familiar. On the computer outside of your office that will connect to the one inside your office click “Start,” “My Network Places,” “View network connections” and “Create new connection.” Start the wizard, and this time at the second screen chose “Connect to the network at my workplace.” At the next screen choose “Set up my connection manually.” At the next screen choose the option for a broadband connection. (This assumes that the remote computer is also connected via a broadband connection that is always on. If not choose the appropriate setup routine in the wizard.) At the next screen type in the label you want to use to identify the icon that will eventually be associated with the connection. (A name for the icon you’ll click on to start the connection.) At the next screen choose not to have windows dial a connection. At the next screen type in the Internet address of your office network that you’ve chosen on Dyndns.org or whatever service you’ve chosen. Go to the next screen and click “Finish.” To test the connection click the “Start” menu and chose “Connect to.” In the drop down menu you should see the name of the connection you just created. Click it and you should be prompted to enter a user name and password. Here enter the user name and password for the remote user and click “Connect.” You should see the connection progress and finally see a message showing that the connection has been completed.
Step Seven. Configure the Remote Computer for Access.
On the computer that will be used to connect to the computer at your office you must configure the Remote Desktop client. On that computer click the “Start” menu, choose “All Programs” and then “Accessories.” Under “Accessories” choose “Communications” and then “Remote Desktop Connection.” When you start the application you’ll be prompted for a computer name. Type in the static IP address you assigned to your desktop computer at work. With the connection from Step Six above established click “Connect.” You’ll then be prompted for a user name and password. Enter the user name and password for the remote user. You should shortly see the desktop (screen) from the computer at your office appear on the remote computer. You’ll be able to control the office computer from the remote computer and do anything you could do sitting at the computer in your office.
The above routine will work most of the time. However, if there is firewall software on the office computer it may interfere and prevent a connection. The built in Windows firewall should be configured automatically during the above routine to allow a remote connection. If you have another brand of firewall software consult the product documentation to allow VPN connections.
I’ve set up several systems to allow remote access using the above steps. Occasionally, I’ve encountered a problem I just couldn’t solve. I’ve always suspected the problem was related to some type of firewall at the ISP level. I haven’t run into a problem lately. Give it a try and hopefully, everything will work fine.
E. G. “Gerry” Morris is a solo practitioner and has practiced law for over 27 years in Austin, Texas. He is certified as a Criminal Law Specialist by the Texas Board of Legal Specialization. His firm web site is at www.egmlaw.com. Email your comments and questions to Gerry at tech@egmlaw.com.
No comments:
Post a Comment