Scenario 1 - Several networks using Network Address Translation (NAT)

Figure 1. Several networks using NAT


In this scenario, there are multiple networks with targets in all of the networks and the controllers all in the Company Head Office. The NAT routers in the branches prevent the controllers from connecting directly to the targets in the branches and therefore, a gateway must be installed in each network.

Similarly, Gateway 1 cannot connect directly to the gateways in the branches and therefore, Gateway 2, 3 and 4 must connect to it first.

In such a scenario, Gateway 1 must be able to accept the connections from the other gateways and from controllers trying to initiate remote control sessions against targets located in other networks.

Gateways 2, 3, and 4, in turn, must establish a connection to Gateway 1 and must be able to locate targets in their own networks.

Gateway 1 roles:

  • Accept remote control connections from Gateways 2, 3 and 4. The gateways in each of the branches will connect to Gateway 1.
  • Accept connection requests from controllers in the head office so that they can be forwarded to the gateways in the branches to allow them to locate the correct target.
  • Therefore, the configuration file for Gateway 1 will contain the following entries:

    Inbound.1.ConnectionType = Inbound
    Inbound.1.PortToListen = 8881
    # Optional:
    # Inbound.1.BindTo = 0.0.0.0
    # Inbound.1.RetryDelay = 45
    # Inbound.1.Passphrase =
    Inbound.1.AllowGateways = true
    Inbound.1.AllowEndpoints = true

Nothing else is required for Gateway 1.

The inbound connection, named Inbound.1 in this example, will allow connections from the other gateways on port 8881. The optional parameters can be configured as required.

Setting AllowGateways to true configures the gateway to accept connections from Gateways 2, 3 and 4. AllowEndpoints determines whether the gateway also receives requests from controllers and therefore forwards these requests to the other gateways, so that they can locate the right target in their respective networks.

Gateway 2, 3 and 4 roles:

  • Create control connection to Gateway 1.
  • Locate endpoints in the branch network.
  • Therefore, the configuration file for Gateway 2, Gateway 3 and Gateway 4 will contain the following entries:

    Gateway.1.ConnectionType = Gateway
    Gateway.1.DestinationAddress = gateway1_ipaddress
    Gateway.1.DestinationPort = 8881
    # Optional:
    # Gateway.1.BindTo = 0.0.0.0
    # Gateway.1.SourcePort = 0
    # Gateway.1.RetryDelay = 45
    # Gateway.1.KeepAlive = 900
    # Gateway.1.Timeout = 90
    # Gateway.1.Passphrase =

    Endpoint.1.ConnectionType = Endpoint
    # Optional:
    # Endpoint.1.SubnetAddress = 0.0.0.0
    # Endpoint.1.SubnetMask = 0.0.0.0
    # Endpoint.1.BindTo = 0.0.0.0
    # Endpoint.1.SourcePort = 0
    # Endpoint.1.Timeout = 90

In this case, there are no inbound connections because there are no controllers or gateways connecting to Gateways 2, 3 and 4. These gateways connect to Gateway 1, and this is defined by the Gateway.1 connection, which has the connection type Gateway. The DestinationAddress of Gateway.1 is set to the IP address of Gateway 1, and DestinationPort must match the value defined in PortToListen on Gateway 1. AllowEndpoints is set to true.

Another type of connection must be defined for these gateways, an endpoint connection (named Endpoint.1 in this example). This type of connection configures the gateway to search for a target that a controller may want to initiate a remote control session with. It is recommended to specify the subnet address and mask to reduce the amount of network traffic generated by the gateway. With the default values for the subnet, the gateway will try to connect to every single endpoint for which a request is received, even if the endpoint is in a remote network and is unreachable by the gateway.
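The two consistency rules described above (the branch DestinationPort must match Gateway 1's PortToListen, and the endpoint subnet should not be left at its default) can be checked before deployment. The following is an added example, not part of the product or of the original page: the function names, the 192.168.2.0 subnet and the mismatched port 8882 are constructed for illustration, and commented-out options are assumed to take the 0.0.0.0 defaults listed above.

```python
import ipaddress

def parse_props(text):
    """Group 'Name.N.Key = value' lines by connection; '#' lines are unset options."""
    conns = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        name, _, prop = key.rpartition(".")
        conns.setdefault(name, {})[prop] = value
    return conns

def lint_pair(hub_text, branch_text):
    """Check one branch gateway file against the head-office (Gateway 1) file."""
    hub, branch = parse_props(hub_text), parse_props(branch_text)
    findings = []
    ports = {c.get("PortToListen") for c in hub.values()
             if c.get("ConnectionType") == "Inbound"
             and c.get("AllowGateways", "").lower() == "true"}
    if not ports:
        findings.append("hub: no Inbound connection with AllowGateways = true")
    for name, c in branch.items():
        if c.get("ConnectionType") == "Gateway" and c.get("DestinationPort") not in ports:
            findings.append(f"{name}: DestinationPort does not match hub PortToListen")
        if c.get("ConnectionType") == "Endpoint":
            # Assumption: an unset option means the 0.0.0.0 default shown on the page.
            addr, mask = c.get("SubnetAddress", "0.0.0.0"), c.get("SubnetMask", "0.0.0.0")
            if ipaddress.ip_network(f"{addr}/{mask}", strict=False).prefixlen == 0:
                findings.append(f"{name}: default subnet, every endpoint request is tried")
    return findings

# Constructed sample files; the 192.168.2.0 subnet and port 8882 are made-up values.
HUB = """Inbound.1.ConnectionType = Inbound
Inbound.1.PortToListen = 8881
Inbound.1.AllowGateways = true"""
BRANCH_BAD = """Gateway.1.ConnectionType = Gateway
Gateway.1.DestinationPort = 8882
Endpoint.1.ConnectionType = Endpoint
# Endpoint.1.SubnetMask = 0.0.0.0"""
BRANCH_OK = """Gateway.1.ConnectionType = Gateway
Gateway.1.DestinationPort = 8881
Endpoint.1.ConnectionType = Endpoint
Endpoint.1.SubnetAddress = 192.168.2.0
Endpoint.1.SubnetMask = 255.255.255.0"""

if __name__ == "__main__":
    print(lint_pair(HUB, BRANCH_BAD), lint_pair(HUB, BRANCH_OK))
```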

In the TRC server, you would also add Gateway 1 by clicking Admin > New TRC Gateway. The port number would be the one defined in the Inbound.1.PortToListen property.