Creating a subinterface on a router for management

Iceman2667
Level 1

I'm working on a production lab, and I've run into a small issue. I need to have some way of remotely accessing my router from a VPN. However, I don't have a spare port to assign an IP from the VPN network on. Right now my lab setup looks like:

The line from the external network enters in through port F0/0 of my 2621 router. I then route (and DHCP, NAT...) into my internal production network, which then goes onto a switch from port F0/1.

Now, I'm looking for some way to create a subinterface on F0/1 that only deals with traffic from a management network. Just an IP address that I can use to telnet (and SSH) into and access the router. This subinterface can't interact at all with the external or production network for security reasons.

I need to know 1) if this can be done at all and 2) will doing so open my network to security loopholes?

I've attached what my network looks like.

3 Replies

usasigcis
Level 1

Why don't you create a loopback interface and advertise it over the VPN tunnel?

I don't have access to any of the equipment that routes the VPN traffic, so I can't set up any kind of layer 3 routing to inform everything of how to hit that loopback interface.

schaef350
Level 1

Would you be willing to remove passwords and keys and post configs?

- Be sure to rate all helpful posts