How to securely allow a vendor into to my network via the internet
I need to explain to my customers how to allow my company consultants into their network and access a HP-UX workstation. This workstation has an IP address on there network.
I usually access the system via a Cisco Access Server but I have slow connections because it is using dialback via telephone lines. One customer I went to gave me access over the internet by giving me a password thru their firewall and then forwarded me to the IP address of the HP-UX workstation. They also restricted that connection to only my IP address. Anyone else who tries to access that internet address will timeout.
I want to know how to accomplish this goal. If you can help please reply. Thanks
Re: How to securely allow a vendor into to my network via the in
SSH is your friend.
It is essentially a secure Telnet client/server. All you'd have to do is poen a port on the firewall to allow port 22 to traverse the firewall on a static mapping to the HP.
SSH can be set up to use ONLY specific (strong encrypted) keys that are pre-configured on each end (no passwords, no clear text).
The other slick thing about SSH is that most server/clients also come with an SFTP application through the encrypted tunnel, so you can transfer files (as permitted by the server configuration) either way.
You can also pass "X" traffic, or any other (specifically configured) port either way throug the encrypted tunnel.
SSH is very secure, and using PKI absolutely minimizes the security exposure.
Check out ssh.com, openssh.org, f-secure.com, and vandyke.com.
SSH is available as open source @ no cost; the commercial products have more features, support, etc.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :