We provide VPN access so employees can access our corporate network. If someone needs to access the equipment network, they can either log into a proxy server that authenticates them and allows them to telnet to the device they need to connect to or they can be directly connected within the network.
We recently started using GUI craft software to connect to our server and network equipment, which works great as long as we're directly connected. It will not work if we try to connect through the proxy servers.
Is there a way we can allow the GUI software to work across the two networks without making major changes?
Proxy servers seem to be the biggest part of these types of problems, mainly because of their configuration. When a proxy server receives a request, based on its configuration, it will either fully "re-write" the request and send it to its destination or alter a small portion of it and then send it out.
You'll need to check the configuration of your proxy server and then see what parameters you can temporarily change so the proxy server does not re-write client requests before sending them to their destination.
A packet sniffer and protocol analyzer will also greatly help in these situations. Take a sample of a "directly" connected client, which seems to work, and then of a VPN client. This sample must be taken from both sides of the proxy, so you see what's happening before and after the proxy server from both scenarios.
Comparing the two will certainly help you see if these requests are actually getting to the test equipment, but not finding their way back to the VPN client.
The next thing I'd do is to start Googling for similar problems using your proxy and GUI program in the search string. I'm sure you'll be able to find an answer or workaround. It's just a matter of troubleshooting it and figuring out where the problem really resides.
Best of luck!
This was first published in April 2005