Remotely managing switch rack at home from anywhere for convenience of doing my labs

OfWolfAndMan

So, I currently have a R6200 Netgear router (Which unfortunately does not support 802.1q trunking). Luckily because the top of my stack is a L3 switch, I was able to configure the interface connecting to my router as a pure L3 port. Configured SSH, vty line with local login, etc. On the netgear side, I have a DNS name for my router in case the ISP decides to change my IP. I configured port forwarding for 22, and have a separate port for remotely accessing my home router. I enabled remote management from ANYWHERE for this router, and after some tinkering, I can get into the router remotely (used an SSL clientless VPN to try it out myself). Unfortunately, I can't seem to SSH into the switch on SecureCRT. I can remotely login from my LAN, but just not over the local internet. Maybe there's some small config I'm missing? Or maybe this particular router just doesn't like my switch (It's a 3750 24 PS. PoE support). Anyone tried doing this before? I'm really determined to do my SWITCH labbing anywhere I can (Assuming I have public internet access).

PS: I don't have the default login for my router

OfWolfAndMan

OK so another thought: What if I decided to get a router that supported configuring an IPsec tunnel. How would I terminate the tunnel on the remote side where my computer would have remote access?

Is there a good router anyone would recommend that play well with remoting into the switches hanging off of my setup? This means something within a realistic budget of $200 of course

iBrokeIT

Flash it with DD-WRT and use OpenVPN, it's more secure than opening up those ports on your router. Thats what I did with my Netgear R7000

iBrokeIT

Here the link for your R6200 Downloads: MyOpenRouter

theodoxa

Probably too expensive (I paid $330 with SmartNet, though the price seems to have gone up to $410), but I use an ASA 5505 for remote access (SSL VPN using AnyConnect).

Heero

If you you can get to port 22 on the switch when you are on the local network, but not over the Internet then it is being dropped somewhere. Try a TcpTraceroute to see how far port 22 traffic makes it. There is always a small chance that your ISP is blocking it. If it gets to your router, check the port forwarding/firewall. Also check the switch to make sure you don't have an access-list applied to the vty ports.

OfWolfAndMan

Thank you for the recommendations everyone! Because I don't have money for an ASA at the moment, and because I really didn't want to exploit myself with port forwarding (Heero, I think it's a firewall thing. After enabling ping to the router, it did just fine pinging it outside the LAN), so I'm going with the firmware iBrokeIT recommended! It has a vast amount of features on it including RADIUS authentication, advanced QoS services, VPN, VLAN features, and a LOT of customization, along with plenty of logging options. You rock, man!