Remote Access To My Rack

boostinbadgerboostinbadger Member Posts: 256
I have a Linksys 300N as my regular router hooked to my cable modem. How would I configure it so that I can access my Access Server remotely? Are there any configs I need to change on the Access Server?

Comments

  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Configure your Linksys 300N router to port forward SSH or Telnet (preferably SSH) to the Ethernet interface of your access server.

    Once then, you should be able to telnet or ssh to your public IP address provided by your cable modem to the 300N router and have access to the CLI of your access-server.
    There is no place like 127.0.0.1
  • boostinbadgerboostinbadger Member Posts: 256
    Thanks Matt. I set SSH using ext port 22, int port 22 to use both UDP and TCP and set the IP address to 10.1.1.100. Now when I am outside my network I SSH to the Internet IP address given to my 300N by the cable modem and it should work correct? Are there any other settings I need to put on the Access Server? Is there a way to test this inside the network?
  • boostinbadgerboostinbadger Member Posts: 256
    I just realized that my 2509 does not support SSH so I will have to use telnet.
  • tierstentiersten Member Posts: 4,505
    Remember that you're also giving anybody else on the internet the ability to connect to your access server. If you don't have a good username/password then you'll be letting people into your internal network and bypassing your router firewall.

    If nothing else, you'll get hundreds of probes and attempts to guess passwords which will clog up your logs.

    Ideally you should use a VPN to connect to your internal network and then connect to the access server when inside.
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    If you have a 2511 or 2509 you can run 12.2(32) IP/FW PLUS IPSEC 56 which will support SSHv1 (only des) but it will protect against your casual hacker.

    This will give you some security, better than telnet of course.

    If you Google the image name you'll probably find it fairly easy, its a common image, but use downloaded images from non-cisco sites at your own risk;

    IP/FW PLUS IPSEC 56
    c2500-ik8os-l.122-32.bin
    There is no place like 127.0.0.1
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    tiersten wrote: »
    Ideally you should use a VPN to connect to your internal network and then connect to the access server when inside.

    +1

    If someone's sniffing your traffic inside your home, you have bigger things to worry about icon_lol.gif
  • ColbyGColbyG Member Posts: 1,264
    tiersten wrote: »
    Ideally you should use a VPN to connect to your internal network and then connect to the access server when inside.

    Or just SSH to another box at your house and telnet from there.
  • HagerHager Member Posts: 11 ■□□□□□□□□□
    Remote Access To My Rack


    *Snickers*
  • mgeorgemgeorge Member Posts: 774 ■■■□□□□□□□
    Hager wrote: »
    *Snickers*

    haha, thats a good laugh
    There is no place like 127.0.0.1
  • jbaellojbaello Member Posts: 1,191 ■■■□□□□□□□
    dynamik wrote: »
    +1

    If someone's sniffing your traffic inside your home, you have bigger things to worry about icon_lol.gif

    How hard it is to setup VPN server on a cisco router? I always try to be efficient, and my VPN is running on a RRAS server that is taking more energy than what I would need, but so far this is what I did for my home lab VPN to a W2k3 RRAS Server, then from there I just telnet/ssh.

    The idea of plugging my cisco router directly into my DSL modem played in my head as well, or perhaps a NAT on the typical home router, but then if my cisco is on a different network this means I will need to setup a route on my home router, and some of this home router like dlink/linksys might not be supported.

    I would also check to make sure ports are opened on the remote site your remoting to.

    Perhaps if someone can share a user friendly article on how to setup VPN on a 2600 series router laying around ;)
  • btowntechbtowntech Member Posts: 198 ■■■□□□□□□□
    I just use an old laptop and access it via LogMeIn. Gets the job done!
    BS - Information Technology; AAS - Electro-Mechanical Engineering
  • boostinbadgerboostinbadger Member Posts: 256
    Apparently it isn't set correctly. I just tried to telnet to the internet ip given to my router via my modem and it didn't work
  • boostinbadgerboostinbadger Member Posts: 256
    I have it working...almost. I had to disable "Filter Anonymous Internet Requests" under Security on the 300N. I could then ping from outside. I turned on ip packet debugging and had a friend of mine try to telnet in. I saw his IP address try to get into the AS using telnet, but it then said that it was "unroutable". The 300N private addresses are 10.0.0.0/24 and the AS's IP is 10.1.1.100. Why would that need to be routed?
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    10.0.0.0/24 and 10.1.1.100 are on two different subnets, you need to use a 10.0.0.x/24 address for the AS.
    The only easy day was yesterday!
  • boostinbadgerboostinbadger Member Posts: 256
    My mistake. The 300N's address is 10.1.1.1/24 and the AS is 10.1.1.100/24.
  • boostinbadgerboostinbadger Member Posts: 256
    I have been doing some thinking on my problem and have come up with a question. I know the telnet traffic is making it to the AS but not going back out. Do I need to put any transport output commands on the vty lines?
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    No but you should have a default route on the AS to the linksys router.
    The only easy day was yesterday!
  • jason_lundejason_lunde Member Posts: 567
    Good call DT...that will probably be that. Always the simplest things that get most of us! :)
  • boostinbadgerboostinbadger Member Posts: 256
    I thought I tried that at one point, but maybe I didn't. I just set a default route from the AS (10.1.1.100) to the Linksys (10.1.1.1). Correct me if I'm wrong but it should read:

    ip route 0.0.0.0 0.0.0.0 10.1.1.1
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    I thought I tried that at one point, but maybe I didn't. I just set a default route from the AS (10.1.1.100) to the Linksys (10.1.1.1). Correct me if I'm wrong but it should read:

    ip route 0.0.0.0 0.0.0.0 10.1.1.1


    That is correct
    The only easy day was yesterday!
  • boostinbadgerboostinbadger Member Posts: 256
    Thanks dtlokee. Another duh problem was that I had the default gateway setup with an old ip, not the new one. It is working great now. Thanks again.
  • dtlokeedtlokee Member Posts: 2,378 ■■■■□□□□□□
    You're welcome.
    The only easy day was yesterday!
Sign In or Register to comment.