Remote Access To My Rack

boostinbadger

I have a Linksys 300N as my regular router hooked to my cable modem. How would I configure it so that I can access my Access Server remotely? Are there any configs I need to change on the Access Server?

mgeorge

Configure your Linksys 300N router to port forward SSH or Telnet (preferably SSH) to the Ethernet interface of your access server.

Once then, you should be able to telnet or ssh to your public IP address provided by your cable modem to the 300N router and have access to the CLI of your access-server.

boostinbadger

Thanks Matt. I set SSH using ext port 22, int port 22 to use both UDP and TCP and set the IP address to 10.1.1.100. Now when I am outside my network I SSH to the Internet IP address given to my 300N by the cable modem and it should work correct? Are there any other settings I need to put on the Access Server? Is there a way to test this inside the network?

boostinbadger

I just realized that my 2509 does not support SSH so I will have to use telnet.

tiersten

Remember that you're also giving anybody else on the internet the ability to connect to your access server. If you don't have a good username/password then you'll be letting people into your internal network and bypassing your router firewall.

If nothing else, you'll get hundreds of probes and attempts to guess passwords which will clog up your logs.

Ideally you should use a VPN to connect to your internal network and then connect to the access server when inside.

mgeorge

If you have a 2511 or 2509 you can run 12.2(32) IP/FW PLUS IPSEC 56 which will support SSHv1 (only des) but it will protect against your casual hacker.

This will give you some security, better than telnet of course.

If you Google the image name you'll probably find it fairly easy, its a common image, but use downloaded images from non-cisco sites at your own risk;

IP/FW PLUS IPSEC 56
c2500-ik8os-l.122-32.bin

dynamik

tiersten wrote: »

Ideally you should use a VPN to connect to your internal network and then connect to the access server when inside.

+1

If someone's sniffing your traffic inside your home, you have bigger things to worry about

ColbyG

tiersten wrote: »

Ideally you should use a VPN to connect to your internal network and then connect to the access server when inside.

Or just SSH to another box at your house and telnet from there.

Hager

boostinbadger wrote: »

Remote Access To My Rack

*Snickers*

mgeorge

Hager wrote: »

*Snickers*

haha, thats a good laugh

jbaello

dynamik wrote: »

+1

If someone's sniffing your traffic inside your home, you have bigger things to worry about

How hard it is to setup VPN server on a cisco router? I always try to be efficient, and my VPN is running on a RRAS server that is taking more energy than what I would need, but so far this is what I did for my home lab VPN to a W2k3 RRAS Server, then from there I just telnet/ssh.

The idea of plugging my cisco router directly into my DSL modem played in my head as well, or perhaps a NAT on the typical home router, but then if my cisco is on a different network this means I will need to setup a route on my home router, and some of this home router like dlink/linksys might not be supported.

I would also check to make sure ports are opened on the remote site your remoting to.

Perhaps if someone can share a user friendly article on how to setup VPN on a 2600 series router laying around

btowntech

I just use an old laptop and access it via LogMeIn. Gets the job done!

boostinbadger

Apparently it isn't set correctly. I just tried to telnet to the internet ip given to my router via my modem and it didn't work

boostinbadger

I have it working...almost. I had to disable "Filter Anonymous Internet Requests" under Security on the 300N. I could then ping from outside. I turned on ip packet debugging and had a friend of mine try to telnet in. I saw his IP address try to get into the AS using telnet, but it then said that it was "unroutable". The 300N private addresses are 10.0.0.0/24 and the AS's IP is 10.1.1.100. Why would that need to be routed?

dtlokee

10.0.0.0/24 and 10.1.1.100 are on two different subnets, you need to use a 10.0.0.x/24 address for the AS.

boostinbadger

My mistake. The 300N's address is 10.1.1.1/24 and the AS is 10.1.1.100/24.

boostinbadger

I have been doing some thinking on my problem and have come up with a question. I know the telnet traffic is making it to the AS but not going back out. Do I need to put any transport output commands on the vty lines?

dtlokee

No but you should have a default route on the AS to the linksys router.

jason_lunde

Good call DT...that will probably be that. Always the simplest things that get most of us!

boostinbadger

I thought I tried that at one point, but maybe I didn't. I just set a default route from the AS (10.1.1.100) to the Linksys (10.1.1.1). Correct me if I'm wrong but it should read:

ip route 0.0.0.0 0.0.0.0 10.1.1.1

dtlokee

boostinbadger wrote: »

I thought I tried that at one point, but maybe I didn't. I just set a default route from the AS (10.1.1.100) to the Linksys (10.1.1.1). Correct me if I'm wrong but it should read:

ip route 0.0.0.0 0.0.0.0 10.1.1.1

That is correct

boostinbadger

Thanks dtlokee. Another duh problem was that I had the default gateway setup with an old ip, not the new one. It is working great now. Thanks again.

dtlokee

You're welcome.