Remote Tech Access to a BCM 400

[tech73]

Is there a recommended way to setup remote access to a BCM 400 for tech support?

We have a firewall in place and hoped to setup behind the firewall.

The phone installer gave us this info for remote access setup:

You will need a Public Static IP Address (This will be assigned to a VPN router or to the BCM directly)
The Static IP needs to have the capability of being “Ping” from anywhere.
This can not be behind a firewall or anything that would block any ports.
The only other option is that the company already has a VPN already in place and they allow us access to the BCM’s IP address with a VPN client. But it is usually easier to put the BCM on a Public static so that nothing has to be changed on their existing network.

Seems dangerous to install a BCM on a public address without some firewall protection.

We tried to setup with VPN, but cannot access the BCM as appears the default gateway/subnet are not setup properly and vendor was unsure on how to modify this info.

Do all ports need to be open for this remote administration or only port 80/443?

Any tech data that might be available regarding this setup?

Appreciate any advice.

 

[MagnaRGP]

If the customer has VPN already then you only need the customer provide you credentials that are limited to the IP address of the BCM. This is as secure as it gets. However, if they do not permit split tunnelling, you will not have access to the greater internet or local printers while connected.

I strongly do not recommend hanging the BCM out on the greater interweb.

 

[Knackster]

We have a terminal server set up with access from the WWW. Our support ccompany logs in remotely and launches element manager from within TS and life is good.

Now, I keep a restriction on that account so that they have to call me to gain access to the TS login. Then at midnight, I have a script that runs that disables TS logins for that account.

Works like a dream.

Chris
IT Manager
Houston, Texas