Once your access gateway is successfully set up, you can begin by adding access endpoint devices behind it. An access endpoint is a device that resides within a segmented network and is accessed securely through an access gateway. Each access endpoint behaves like a standard managed device, with its own manager assignments and support for Conditional Access.
Create an access endpoint
To add an access endpoint to an existing access gateway, please follow the instructions below:
1. Sign in to the TeamViewer client.
2. Go to the Admin settings, and within the Device Management section, click Agentless Access.
3. Click the access gateway for which the access endpoint should be added, then click Add access endpoint.
4. Fill in the required details:
- Device name: This name will appear in your device list as a managed device. Choose something clear and descriptive.
- Connection method: Select either Tunneling, VNC, or SSH depending on your network setup.
- Tunneling
- VNC
- SSH
-
Remote Address: Only a valid IPv4 address is supported
-
Remote Port: The port on the target (remote) device to be tunneled
Range: 1–65535 -
Localhost / Auto / Custom IP: Defines which local address the tunnel binds to
-
Localhost: The tunnel is reachable only from the supporter’s machine
-
Auto: The system selects the appropriate local IP automatically
-
Custom IP: Lets you set a specific local IP if needed
-
-
IP: The IP address on which the local port should be reachable from the supporter’s machine
-
Local Port: The port on the supporter’s machine used to initiate the tunnel
It is typically auto-assigned, but can be customized if needed
- Remote Address: Accepts any hostname or IPv4 address
- Remote Port: The port on which the VNC server is running. Typically: 5900
- Password: The password configured on the VNC server for remote access
- Encryption key: The UltraVNC .pkey file generated by the UltraVNC application using the secure plugin. Used to ensure encryption between the gateway and the VNC endpoint
- Username: The username used to initialize the SSH connection, for example:
mustermann in [email protected]
-
Remote Address: Accepts any hostname or IPv4 address
-
Remote Port: The port where the SSH server is running.
Default: 22
5. Rollout configuration: Select the rollout configuration that matches your environment.
Note: Ensure that you are assigned as the device manager in the selected rollout configuration and that the following manager permissions are granted:
- Device administration
- Manager administration
- Policy administration
- Description administration
- Custom fields administration
- Access control management - Easy access (unattended)
6. Click Add Device to complete the setup.
The access endpoint has now been successfully created within your company. The new device will appear under the selected access gateway in TeamViewer and can be managed in the same way as other devices in your infrastructure.
Set up an encrypted VNC endpoint
VNC Encryption setup
This section describes the setup of the UltraVNC encryption and the connected setup within the Agentless Access UI to create an encrypted VNC connection. For Windows XP, version 1.2.24 was tested and verified.
1. Right-click the UltraVNC tray icon and select Admin Properties.
2. In the DSM Plugin section:
- Select Use
- Choose SecureVNCPlugin.dsm
- Select Config
3. On Windows XP only:
- Clear the checkbox Protect my computer and data from unauthorized program activity
- Select OK
4. In the SecureVNCPlugin window:
- Select AES (128 to 256 bit keys)
- Select 256-bit under
- Enabled Key Lengths
- Set RSA to RSA 3072
- Enter a secure passphrase
- Select Generate Client Authentication Key
8. Press Windows + R, type services.msc, and select OK.
9. In the Services list:
- Locate uvnc_service
- Right click
- Select Restart
10. Copy the file <date>_Viewer_ClientAuth.pkey (step 5) from the UltraVNC folder to the company admin machine.
11. On the admin machine, create the VNC endpoint and upload the Viewer key file during the setup.