Remote Clients cannot backup

[SparcV]

Case 05304234

I'm new using Veeam, and I have it working well for all my internally accessible hosts. I'm having a problem with getting non-vpn remote machines to backup.

I have mapped all the ports that are needed to the Veeam Backup Server (Windows).
Created a Protection Group for the external hosts using Computers with pre-installed agents option.
Create a distribution package for Windows.
Created a job for this group and put in the public ip address for the backup server to use.

Install the agent using the packaged directions.

All seems to be ok. However I noticed the packaged xml file contains only internal hostname, and IP of the backup server. Because of this the agent does not connect to the server.

So I figured I'd just alter the XML and replace the internal addresses with the public one, and reapply. Well it now connects to the backup server for management, BUT when I start a backup it fails .
I noticed that the agent communicates to the Server's public IP over port 10005, but when it attempts to start to send data the agent tries to connect to the internal IP over TCP port 2500, and well can't obviously.

How can I fix this? I have all the ports mapped TCP 2500-3300 and TCP 10005 correctly.

[HannesK]

Hello,
and welcome to the forums.

How can I fix this?

By re-designing the solution. In your case: use VPN. Theoretically: For the "backup over the internet" scenario, there is "Veeam Cloud Connect Enterprise", which is a different license. Looking at the case, it seems like your company is not eligible for the Cloud Connect Enterprise license. That's why I wrote "theoretically".

Exposing backup components directly to the internet is a bad idea from a security perspective. Also NAT is not supported.

Best regards,
Hannes

PS: I asked support to close the case, as it is a design question and not a "it's broken issue".
PPS: I also edited your support ID to the support case number