We have an SA700 with NC with which we are securing access to our LAN.
We also use TeamViewer to support our remote users.
However, when NC kicks in it disconnects the TeamViewer session.
How do I get access to TeamViewer whilst my remote users are connected via NC?
I can't just put a list of exceptions for the TeamViewer Internet hosts as their network is apparently over 200 machines that changes constantly.
Advice from TeamViewer tech support is to globally open access to TCP port 5938.
Would appreciate any advice.
This will depend on whether you want the traffic to go through the network connect tunnel or the physical adapter. Split tunneling should work, as any traffic not defined by the resource policy will go through the physical adapter. There may be a short disconnect, but I would assume TeamViewer will reconnect shortly after.
If all traffic will need to go through the tunnel, are the end users able to reconnect the TeamViewer session after creating the network connect tunnel? If they are not able to connect, then this may be an issue with the policies not allowing access.
The TeamViewer hosts are all on the Internet and I would like the TeamViewer traffic to go through the physical adapter.
I looked into Split Tunnelling, but whilst I could see where to send LAN traffic down the tunnel, I couldn't see a way of sending only TCP port 5389 traffic only to all other hosts out the physical adapter.
You would not need to set this as a policy. All traffic that does not match the split tunnel policy will go through the physical adapter.
Pre-7.0, it is not possible to set only one port to go outside the tunnel.
In 7.0+ there is an option for exclude routes in the split tunneling network.
I would expect that if you enabled split tunneling on the role and created two split-tunneling policies, as defined below, this should work.
1) exclude policy for tcp://*:5389, udp://*:5389
2) allow policy for <yourLANNetworkHere>