Don's got the right info. You will need access to the customer's router (or to their network guy). If it was static IP it would be easier, but you said their are dhcp.
Some newer routers have built-in dynamic dns settings. I've recently used some Cisco/Linksys with built in settings for dyndns.org, I saw a Verizon router had it too. I set up an account of my own with dyndns.org, you can do it with a free version, but I think you have to regularly notify that you are using the account and maybe some other limitations. Once I have an account name for the client, I set up their router with that name. Then by using the dyndns name you will always be able to access the router online. I then set up port forwarding on the router with maintenance ports (10000 for the TVA) going to the IP address of the LAN card. Yes, it is less secure, than have a vpn tunnel (some of my clients require that) but it is only going to the TVA to it is not a vulnerable as a PC would be. Good luck! Charles Charles Patterson [email protected] Patterson Communications, Inc. Tarrytown, NY On Fri, Apr 29, 2011 at 4:18 PM, Donald Williams <[email protected]> wrote: > Ross, > > There are multiple ways to attack this problem. Which options are available > will depend on the capabilities of the firewall/router that faces their > Internet access. > > DHCP addresses tend to sticky so once you know the IP address for the TVA50, > the address will probably not change unless the router/firewall is swapped > out. > > Some people create a mapping between ports on the external IP address and the > internal IP address and the ports used by the maintenance program. I do not > use this approach as it leaves the internal device vulnerable to an external > attack. > > A tunnel can be created between your firewall/router on your network and the > firewall/router on their network. Their internal addresses then appear to be > part of your internal network. The address range must be different between > the two internal networks. So one could be 192.168.1.0 and other 192.168.2.0 > with a 255.255.255.0 subnet mask in each case, for example. I find > maintaining the tunnel to be a bit of a pain. If something goes wrong a trip > might be necessary just to fix it. > > Their firewall/router may support a VPN capability. Then when you want to > access their network, you log into their VPN service. Your computer then has > a route to their internal network. The address range must be different > between their internal network and your local network. You need to know the > external IP address of their network - either a static IP address or though a > service like DynDNS. Since the VPN service is visible from the Internet, > security is a concern. Good user ID's and passwords are important. Limiting > the range of external address from which connections will be accepted helps. > All of our small sites have gravitated to this approach. > > I have some control over the remote site networks, so this is easier for me > to implement then where there is an arms length relationship. > > I can provide more details if there is interest. > > Don Williams > Network Monkey > (or Network Engineer for a research institute) > > > > > -----Original Message----- >>From: "Ross L." <[email protected]> >>Sent: Apr 29, 2011 10:09 AM >>To: KXT Mailing list <[email protected]> >>Subject: KX-T: remote access TVA >> >>Have a tva50 with a lan card. Oh, by the way Charles P was right on with the >>google email acct. >>Great way to set up email notification and forwarding. Thank You Charles P. >>How do you access the lan card in the tva50 on the customers network for >>remote programming? >>They use dhcp settings. >>Thanx >>Ross/ Phonedr >>_________________________________________________________________ >>KX-T Mailing list --- http://kxthelp.com/ >>Subscription changes: http://kxthelp.com/mailman/listinfo/kxt > > > -- > Don Williams > [email protected] > > _________________________________________________________________ > KX-T Mailing list --- http://kxthelp.com/ > Subscription changes: http://kxthelp.com/mailman/listinfo/kxt > _________________________________________________________________ KX-T Mailing list --- http://kxthelp.com/ Subscription changes: http://kxthelp.com/mailman/listinfo/kxt
