Best Connection Method

jwynacht
Level 1

Hi,

I have five customer sites that each run a Cisco 1721. I'd like to be able to remote into each router securely. My initial thought was ssh but then I thought about VPN; when I purchased the boxes I bought them with that in mind.

Anyone have a preference? I'm sure I'll need to update the IOS on these machines too.

Thanks,

Jon

7 Replies

kerek
Level 4

Hi Jon,

I think if you want to have access to the router only in a secure way, it is enough to set up ssh and you don't need to struggle with the VPN settings.

Krisztian

How will the config on one of the routers be?

Hi,

This link gives you a step-by-step configuration guide on how to enable ssh.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftrevssh.html

Hope it helps, rate if it does

Krisztian

Hi:

There are two scenarios to think of:

1.) If you need to access the routers for management purposes and you are already logged onto the local network, then what would you need VPN for? Just configure the router to support an SSH session and be done with it. This way you get the privacy you need from the encrypted session.

2.) If you're sitting on a remote private network, then you would need VPN to access the local network, but you would still need SSH to access and manage the routers.

So, either way, you need SSH for a secure management session to your router.

Creating VPN tunnels to each of your routers is insane and pointless, if that's what you were thinking of.

Configuring Secure Shell (SSH) Access

To enable SSH, besides the command below, the device hostname and ip domain name must be configured.

Router(config)# crypto key generate rsa

(generate SSH key pair to support remote SSH access)

Of course your version of IOS must support it.

HTH

Victor
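
A check for the SSH prerequisites named in the reply above (hostname and IP domain name), as an added example that is not part of the original thread. It also flags vty lines that accept anything other than SSH, which goes beyond the reply's text; the function name `audit_ssh_config` and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread): default
# hostname, no domain name, and one vty range that still accepts telnet.
SAMPLE_CONFIG = """\
hostname Router
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
end
"""

def audit_ssh_config(config: str) -> list[str]:
    """Return findings for the SSH prerequisites named in the reply."""
    findings = []
    lines = config.splitlines()

    hostname = next((l.split(None, 1)[1] for l in lines
                     if re.match(r"hostname\s+\S", l)), None)
    if hostname is None or hostname == "Router":
        findings.append("hostname is unset or still the default 'Router'")

    # IOS accepts both 'ip domain-name' and 'ip domain name'.
    if not any(re.match(r"ip domain[- ]name\s+\S", l) for l in lines):
        findings.append("ip domain name is not configured")

    # Walk each 'line vty' block; indented lines belong to the block.
    current, transport = None, {}
    for l in lines:
        if l.startswith("line "):
            current = l.strip() if l.startswith("line vty") else None
            if current:
                transport[current] = None
        elif current and l.startswith(" "):
            m = re.match(r"\s+transport input\s+(.+)", l)
            if m:
                transport[current] = m.group(1).split()
        else:
            current = None
    for block, protos in transport.items():
        if protos != ["ssh"]:
            shown = " ".join(protos) if protos else "not set explicitly"
            findings.append(f"{block}: transport input is {shown}, not ssh only")
    return findings
```

The RSA key pair created by `crypto key generate rsa` is not shown in the running configuration, so confirm it on the device with `show crypto key mypubkey rsa`.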

I'm looking to do two things:

1. Remotely configure the router when needed.

2. Remotely access the network on the inside of the router. So ssh to the router then ssh to a server on the side. That's where I thought the VPN made the most sense.

What do you think?

Hi,

1. You can do it without any problems as described earlier. You need the appropriate IOS and to follow the steps to enable ssh.

2. I'm not sure whether you will be able to ssh from the router to the server, but instead you can ssh to the server directly if not behind NAT (so its address is routed on your network) or if behind NAT you make a static translation for a given port which is mapped to the server on the inside network.

Hope it helps, rate if it does,

Krisztian

Thanks! I'll have to upgrade my IOS for this but it will be worth it.
