Advertisment: Broadband via satellite
Advertisment: Worldwide satellite services from Ground Control Company

www.satsig.net

Satellite Internet Forum.

Welcome, Guest.        Forum rules.
      Home            Login            Register          
Pages: 1

Remote Network Management via Satellite

(Read 8103 times)
inquisative
Member
★★
Offline



Posts: 9
May 13th, 2008 at 6:14pm  
I'm a small ISP. I have approx 40 subscribers. My backhaul is via satellite. The LAN side of the Satellite is Wireless ( Router linked to satellite modem, Wireless access point linked to Router via ethernet, CPE's associate wirelessly with AP and customers PC's are linked to CPE via ethernet.)

Problem: The network is 5.5 hours drive from where I live, so supporting the network is difficult. I want to be able to access the network remotely from home .i.e be able to see the LAN ( Router, AP and customer CPE's) through the satellite so that I can solve problems and manage the LAN remotely.

My question is: What do I have to do or How do I set up the system to be able to manage it remotely, given that I have to go through the satellite?
Back to top
 
 
IP Logged
 
Eric Johnston
Senior Member
★★★
Offline



Posts: 2109
Reply #1 - May 13th, 2008 at 7:26pm  
I would guess that your satellite modem provides you with a gateway IP address for your LAN and that this IP address is a private IP address (part of the satellite service providers network).  If this is the case you need to ask them to forward a public IP address through your satellite modem to the private IP address you are using for your wireless router. (Note you will have your own invented range of IP addresses for your wireless customer LAN, but this is not relevent since you are not trying to access one of their PCs.)

You can then go from your home to the wireless router using telenet abc.abc.abc.abc, or to the web interface of the wireless routher using https://abc.abc.abc.abc

Be extremely careful about security and use the longest possible management password on your wireless router and change it regularly.  If your router has enhanced security use it.  It may be possible to permit only your home IP address to get through.  Your satellite service provider can help here with a similar routing restriction put into their VSAT hub router. Talk to them as see what they suggest.  They may be able to do a 'port forward' so that you can get to your wireless router by using say
https://aaa.bbb.ccc.ddd:12345   The aaa.bbb.ccc.ddd might be the public IP address of the VSAT hub router.

I hope more people here will add their comments.  Setting up routers is a skilled job and needs to be done really carefully to avoid opening up security holes.

If the above does not sound as though it will solve your problem there is the possibility of an encrypted GRE tunnel.  This allows you have a LAN at your home and the same LAN at your remote site. e.g 192.168.21.xxx at your home and 192.168.22.xxx at your wireless router.  Using a GRE tunnel, the items at the end of the satellite link appear to be close by, all within the same LAN 192.168.xxx.xxx

As above, this needs setting up by an expert. Similar proper Cisco routers at each end are recommended.

Best regards, Eric.
Back to top
« Last Edit: Oct 13th, 2010 at 11:17am by Admin1 »  
 
IP Logged
 
inquisative
Member
★★
Offline



Posts: 9
Reply #2 - May 13th, 2008 at 10:44pm  
Thanks Eric.

Yes, the Vsat modem is the gateway to the net, it's IP is 192.168.1.1. The LAN Routers IP is 10.1.1.1, GW 192.168.1.1. It's not a wireless router. The AP's(Access points) are ethernet to the Router. Wireless link then from AP's to subscribers CPE's. The CPE's have static IP's on the Wireless side and dish out DHCP to customer PC's.

Majority of my problems are with the CPE's or occassionally the AP's. These are what I want to be able to see into. I'm not interested in seeing into the customers PC.

A Public IP would solve the problem, however Satellite NOC for some reason refuse to give me a public IP. I have to bypass the satellite somehow.

I'm wondering if I connected a modem to the router, then I might be able to use a dial-up connection to connect to the router and access the AP's and CPE's that way.

Any help appreciated.
Back to top
« Last Edit: Oct 13th, 2010 at 11:19am by Admin1 »  
 
IP Logged
 
Eric Johnston
Senior Member
★★★
Offline



Posts: 2109
Reply #3 - May 14th, 2008 at 9:34am  
I don't know how to connect a dial up modem to a router. 

A PC however might have both a dial up modem (so you can get in) and an ethernet connected to your LAN.

You could then, using your home PC, dial up the LAN PC and control it using VNC perhaps ?

Please would other help with advice and ideas ?

Best regards, Eric.
Back to top
 
 
IP Logged
 
Oasis Networks
Senior Member
★★★
Offline



Posts: 232
Reply #4 - May 14th, 2008 at 10:49am  
just to get it clear:
Would you like to access the network through the satellite link or through the wireless network? (from the internet or from any wireless CPE)?
Back to top
 

www.oasisnetworks.net - Oasis Networks - Online with you!
IP Logged
 
HVYMTL
Senior Member
★★★
Offline



Posts: 69
Reply #5 - Jul 18th, 2008 at 4:05am  
As suggested, a local computer, something simple, connected to your vsat source would be the best choice in my opinion to support anything on your network. There are many choices for security, construct your own and use a vpn and VNC as suggested, or enlist the use of a web connection VPN service like logmein or one of many available.  a local computer under your control through a VPN would be my best solution. you might find someone locally willing to share a their computer as a host for your occasional admin work, but your limited to their non use times. Take a look at the small Linux palm size computers running a solid state HD, no fan, very compact around 6x6x2". I have a Zonbu unit, and there are many others that fit in palm of hand that would function as a remote host for your needs. Many have installed Win product OS on these same small box products, about the same size as a AP or router appliance.
Back to top
 
 
IP Logged
 
spacesegment
Member
★★
Offline



Posts: 10
Reply #6 - May 26th, 2010 at 10:48am  
Our MSP network appliance will be the ideal product for your ISP that will solve many of your management issues. If interested, mail me mvdlinde@sholga.com

Kind regards

mark van der Linde
Back to top
 
 
IP Logged
 
Pages: 1