Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best Connection Method

Hi,

I have five customer sites that each run a Cisco 1721. I'd like to be able to remote into each router securely. My initial thought was ssh but then I thought about VPN; when I purchased the boxes I bought them with that in mind.

Anyone have a preference? I'm sure I'll need to update the IOS on these machines too.

Thanks,

Jon

7 REPLIES
Silver

Re: Best Connection Method

Hi Jon,

I think if you want to have access to the router only in secure way it is enough to set up ssh and you don't need to strugle with the VPN settings.

Krisztian

New Member

Re: Best Connection Method

how will the config on one of the routers be

Silver

Re: Best Connection Method

Hi,

This link gives you step by step configuration guide how to enable ssh.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t2/feature/guide/ftrevssh.html

Hoep it helps, rate if does

Krisztian

Blue

Re: Best Connection Method

Hi:

There are two scenarios to think of:

1.) If you need to access the routers for management purposes and you are already logged onto the local network, then what would you need VPN for? Just configure the router to support an SSH session and be done with it. This way you get the privacy you need from the encrypted session.

2.) If you're sitting on a remote private network, then you would need VPN to access the local network, but you would still need SSH to access and manage the routers.

So, either way, you need SSH for a secure management session to your router.

Creating VPN tunnels to each of your routers is insane and pointless, if that's what you were thinking of.

Configuring Secure Shell (SSH) Access

To enable SSH, besides the command below, the device hostname and ip domain name must be configured.

Router(config)# crypto key generate rsa

(generate SSH key pair to support remote SSH access)

Of course your version of IOS must support it.

HTH

Victor

New Member

Re: Best Connection Method

I'm looking to do two things:

1. Remotely configure the router when needed.

2. Remotely access the network on the inside of the router. So ssh to the router then ssh to a server on the side. That's where I thought the VPN made the most sense.

What do you think?

Silver

Re: Best Connection Method

Hi,

1. You can do it without any problems as desribed earlier. You need the appropriate IOS and follow the steps to enable ssh.

2. I'm not sure whether you will be able to ssh from the router to the server, but instead you can ssh to the server directly if not behind NAT (so its address is routed on your network) or if behind NAT you make a static translation for a given port which is mapped to the server on the inside network.

Hope it help, rate if does,

Krisztian

New Member

Re: Best Connection Method

Thanks! I'll have to upgrade my IOS for this but it will be worth it.

145
Views
4
Helpful
7
Replies