Correct & secure remote access - How?

[visualspirit]

I've recently become a trained 3300 installer, but something that wasn't covered on the course was how to securely and correctly connect to a 3300 remotely.

Of the ones I have installed, the IT departments have been reluctant to give any remote access whatsoever. They will only allow connection through a local PC via LogMeIn. This is frustrating because either the PC is being used or is switched off.

I've asked customers for port forwarding, even just set up direct to our office's static IP address. Also I've asked for VPN connections, but I'm given the cold shoulder.

It's getting to a point where I'm suggesting to my boss that we install seperate DSL lines to give remote access.

Is there someway of remotely accessing a 3300 that I'm missing?

[matthew]

Not really, in my experience. There was a dialup doodad (Media Access Gateway, or some such) but we haven't put one in in years. Just charge more for your visits and make sure the boss of the customer knows it. It helps if you have a static IP at your office that the network admins can lock your access down to, as well.

[ralph]

Issues getting remote access to a customers network is simply just a "fact of life" you have to deal with.
Every customer will have it's own remote access policy.
I have multiple customer that give access via logme in and I have other customers that provide remote access via a VPN of some sort.
Frankly, if I were a network security tech, I would not allow remote access at all.
Allowing a third party access to my network would drive me nuts as I have no idea what type of security that they would have in place and who has access to it.   And what happens to login creds when someone leaves the third party company?
And being one of those that were affected by last weeks major data breech I'm even more sure I wouldn't want anyone in my network.

But, we need to be able to service these systems remotely.   If there was a problem with a system then to have to wait for a truck roll is a bad thing.
So compromises need to be made. 
I like logme in if only because it can be controlled by the customer.  Having them turn on/off the PC is a good way to know who's coming into the system so I have no problem with that.
I also like the security key fobs.  With key fobs the password literally changes every 60 seconds.

Of course my favorite, from a service perspective, is still the Cisco VPN.   It makes my life a lot easier for some of the heavier service work I do on some of these systems so I'm always grateful when I have this type of access.

But, bottom line is, remote access is going to be based on the security needs of whoever you're connecting to.   If if cost you more to service them then your maintenance cost will need to reflect that.

Ralph