Re: How can I provide access to non-routable addr across wan

schunks · ‎04-04-2007

I have my management interfaces on my switches on a 10. vlan and want to setup secure access to them across my wan. Are there any ways to accomplish this? My switch is a 6509 with sup 720. I have a routable interface on it as well. tks

paolo bevilacqua · ‎04-05-2007

what prevents you from routing these addresses as well ?

schunks · ‎04-05-2007

Inside my building I can route to it. It's only when I go from outside our building I can't reach it. I can only manage my local router... they will not allow my 10. net to be an advertised route inside their configs. Additionally, I don't really want it publicly visible. It's a nice layer of security. But, now I have a need for remote management.

paolo bevilacqua · ‎04-05-2007

"security" is very nice until prevents you from doing something - happens often.

Anyway, you can either allow managment access with a routable address, or carry your private addresses inside a GRE tunnel. The latter will require a router under your control installed on the other side of networks not carrying your "10".

bporter78 · ‎04-05-2007

Ummm why don't you just setup a static NAT on your firewall. So your 10.0.0.1 is Natted to port 22 on the external IP address of your firewall (this will provide SSH access to your 6509)

Cheers,

Peter