Intel® Business Client Software Development
Support for Intel® vPro™ software development and technologies associated with Intel vPro platforms.

Managing PCs behind NAT

informak

Hello. I've overviewed the RDK and API documentation and, if I'm not wrong, I can't specify the port for managing a PC, only the IP address. This means that, if I have several PCs behind a router with NAT sharing the IP address, I could only manage 1 PC, the one that has mapped the connections to ports 16992 ... 16995, isn't it?
Thanks
ylianst

Hi there,

You are correct, if your IAMT management console does not allow you to change the default port numbers. This said, there are a few workarounds: Probably the best would be to get yourself a VPN router (I would recommend a Linksys WRT54GS with the DD-WRT firmware and use PPTP to VPN into your network. I use this at home and it's great). This solution is also way more secure if you run your computers in "Small Business Mode", since it will add encryption.

A different and also very good solution is to SSH into a computer on your network and use SSH tunneling to the computer you want to manage. This is also very secure, you can only manage one at a time, but it's easy to change the mapping.

Ylian

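The SSH tunneling workaround described in the reply above, as an added example that is not part of the original post or of Intel's tooling. It assumes OpenSSH on the console machine and an SSH-reachable host inside the LAN; the function names and the sample addresses are constructed placeholders. The console is then pointed at 127.0.0.1, and the forwards are bound to loopback so the AMT ports are not re-exposed on the console's own network.

```shell
#!/bin/sh
# Added example: forward the fixed AMT ports (16992-16995, as named in the
# thread) through an SSH gateway to ONE managed PC at a time.
# Function names and sample hosts are hypothetical.
AMT_PORTS="16992 16993 16994 16995"

# Accept only hostname/IPv4-looking targets, so nothing unexpected
# (spaces, option-like strings, shell metacharacters) reaches the -L spec.
valid_host() {
  case "$1" in
    ""|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the -L arguments mapping each local AMT port to the same port
# on the chosen target, bound to loopback only.
amt_forward_args() {
  target=$1
  valid_host "$target" || { echo "bad target: $target" >&2; return 1; }
  args=""
  for p in $AMT_PORTS; do
    args="$args -L 127.0.0.1:$p:$target:$p"
  done
  echo "${args# }"
}

# Open the tunnel. To manage a different PC, stop it and rerun with
# another target: that is the "change the mapping" step.
amt_tunnel() {
  gateway=$1
  case "$gateway" in ""|-*) echo "bad gateway" >&2; return 1 ;; esac
  fwd=$(amt_forward_args "$2") || return 1
  # -N: no remote command; fail fast if a local port is already in use.
  # $fwd is intentionally unquoted so it splits into separate arguments.
  exec ssh -N -o ExitOnForwardFailure=yes $fwd "$gateway"
}

# Usage: ./amt-tunnel.sh admin@gateway.example 192.168.1.20
if [ "$#" -eq 2 ]; then amt_tunnel "$1" "$2"; fi
```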
informak

Hello. I have some doubts about the workaround for accessing several PCs behind a VPN router with NAT without modifying the administration console to support address with port.

To use VPN, I must configure the ADSL router to establish a permanent VPN connection to a VPN server in the console network, isn't it?
Then, will each PCs in the local LAN have a different address that could be used from the console, or will they still share the same address, in this case the address of the end of the VPN?
Will VPN allow incoming connections, unlike NAT?

If I develop a console that manages address with port, I could start from the RDK and it would be possible, I think, since most of it uses web services. But there are problems:
  1. redirection is based on an Intel proprietary library and should replace it
  2. Perhaps information contained in alerts and events generated by AMT doesn't allow differentiating the PC that generates them
  3. Intel AMT RDK supports only SBM, isn't it?
Thanks
ylianst

Hi,

When you have a VPN setup, you can address all of the machines on the private network just like if you were connected to the private network. So, it will certainly work. You should look at OpenVPN for example, it will do the job, but I have never used it myself. With a VPN, your remote computer will get an IP address from the private network and can fully interact with machines on the private network.

1. Ha yes, I just looked at the Intel libraries and you are correct, the port is fixed.
2. Alerts include the platform GUID and so, you should be ok.
3. That's correct.

In general, I would look into setting up a VPN. Even if you were to change the port numbers, it's not as elegant a solution as using a VPN.

Ylian
