Remote Access to Lab

controlcontrol Member Posts: 309
Hi All,

I have my ADSL router connected to my ISP. If I connected my access server (cisco 2509) to the ADSL router and wanted to access the 2509 remotely using SSH, would it just be a case of setting up port forwarding for SSH traffic on my ADSL router? Obviously either using a static IP or Dynamic DNS.

Thanks

Comments

  • MAC_AddyMAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    Free Remote Desktop Access - IT Tool | Kaseya this is what I use to access my PC from home.
    2017 Certification Goals:
    CCNP R/S
  • controlcontrol Member Posts: 309
    MAC_Addy wrote: »
    Free Remote Desktop Access - IT Tool | Kaseya this is what I use to access my PC from home.

    If I wanted to rule out connecting to an actual PC at the home end, and go straight to a a cisco access server/router, is it simple enough to do this?
  • shodownshodown Member Posts: 2,271
    MAC_Addy wrote: »
    Free Remote Desktop Access - IT Tool | Kaseya this is what I use to access my PC from home.


    I port foward ssh to the internal of my console server and log in. Some people get fancier and use non standart ports and use other power management tools to log into there boxes power them up and down, and so on.
    Currently Reading

    CUCM SRND 9x/10, UCCX SRND 10x, QOS SRND, SIP Trunking Guide, anything contact center related
  • MAC_AddyMAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    control wrote: »
    If I wanted to rule out connecting to an actual PC at the home end, and go straight to a a cisco access server/router, is it simple enough to do this?
    You could do that, yes. Just offering a solution to access your lab from work. I had mine setup to go from my console server, to my home router. I used port forwarding to access it from work. Though, if you lose power at home your modem might come back up with a different IP. That's when I used Kaseya to remote in to my computer instead. I use this program to access my mum's computer when she's having problems.
    2017 Certification Goals:
    CCNP R/S
  • controlcontrol Member Posts: 309
    MAC_Addy wrote: »
    You could do that, yes. Just offering a solution to access your lab from work. I had mine setup to go from my console server, to my home router. I used port forwarding to access it from work. Though, if you lose power at home your modem might come back up with a different IP. That's when I used Kaseya to remote in to my computer instead. I use this program to access my mum's computer when she's having problems.

    Sounds good. Will definately check out Kaseya, especially if it's free.
  • pitviperpitviper CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT Member Posts: 1,376 ■■■■■■■□□□
    Port forwarding would work but a VPN capable firewall would be a much better option. If you’re going to be connecting from the same place (like work), or group of places which have static public IPs then setup an ACL and allow SSH connections only from those IPs.

    Then the next step is to get a switched PDU so that you can remotely turn your devices on and off at will :)
    CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
  • controlcontrol Member Posts: 309
    pitviper wrote: »
    Port forwarding would work but a VPN capable firewall would be a much better option. If you’re going to be connecting from the same place (like work), or group of places which have static public IPs then setup an ACL and allow SSH connections only from those IPs.

    Then the next step is to get a switched PDU so that you can remotely turn your devices on and off at will :)

    If only I had the know how to do that icon_smile.gif Was looking at VPN tutorials earlier, but out of my current knowledgebase, I'll get there...soon I hope. Regarding creating a VPN - would a cisco 2610xm, 1721,1751, or 2509 router be capable of this? These are what I currently have in the router stakes. I'm assuming I would need the correct IOS, but if I had this, how difficult is it really to setup a vpn to say my home?
  • JeanMJeanM Member Posts: 1,117
    pitviper wrote: »
    Port forwarding would work but a VPN capable firewall would be a much better option. If you’re going to be connecting from the same place (like work), or group of places which have static public IPs then setup an ACL and allow SSH connections only from those IPs.

    Then the next step is to get a switched PDU so that you can remotely turn your devices on and off at will :)

    I'd love to know how to do this as well, any pointers?

    As far as VPN capable firewall, would one of the cheaper PIX or ASA work for this or can one use an extra 2611/2621 for that instead?
    2015 goals - ccna voice / vmware vcp.
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    JeanM wrote: »
    I'd love to know how to do this as well, any pointers?

    You buy a PDU that is manageable via IP. Usually itll either be by telnet/ssh or a web GUI. Then you just log into the device, and turn ports on and off. Not much different than accessing a console server.
  • JeanMJeanM Member Posts: 1,117
    I see, something like APC PX-1000, any specific makes/models to look for that are affordable for labs?
    2015 goals - ccna voice / vmware vcp.
  • pitviperpitviper CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT Member Posts: 1,376 ■■■■■■■□□□
    JeanM wrote: »
    I see, something like APC PX-1000, any specific makes/models to look for that are affordable for labs?

    You can generally get the APC AP-7900s for under $100 on ebay if you're patient enough. I ended up with a couple of AP-7901s for $80/each. The AP-7901s have 20 amp twist lock plugs on them (which I replaced).
    CCNP:Collaboration, CCNP:R&S, CCNA:S, CCNA:V, CCNA, CCENT
  • LinuxRacrLinuxRacr Member Posts: 652 ■■■■□□□□□□
    Pitviper is right, I've been scouring Ebay and Craigslist for the APC AP-7900's, and they are hard to find under $100 unless you are patient. The cheapest one I saw last week was $175...

    As for remote access to my lab, I am working on getting my 881W's VPN configuration setup. I've been having some fun learning about firewall rules, and NAT. Once I get those worked out, then it is time for VPN.
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    I just put one of these in my lab for remote power control -

    Web Power Switch! - 15 Day Free Trial! - Ships Overnight - From $109!

    Quick and easy setup, though you do have to make some provision to be able to access it through a web browser remotely (I have three methods - VPN, SSH X Forwarding, or an NX session, the latter two being through the only box that's accessible via SSH from the outside world)
  • LinuxRacrLinuxRacr Member Posts: 652 ■■■■□□□□□□
    Nice option Forsaken. For the price of the more expensive APC AP-7900's, this looks to be more bang for the buck at $295:

    Rack Mounted Web Controlled Redundant Power. Ships Overnight 15 Day Free Trial!

    EPCR3Small.jpg
    epcr3back.jpg
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    LinuxRacr wrote: »
    Nice option Forsaken. For the price of the more expensive APC AP-7900's, this looks to be more bang for the buck at $295:

    Yeah, it depends on how many outlets you need. I have 13 devices in the lab, but I already had a PDU for my rack, so I just plugged the PDU into the Remote Power Switch, and voila, I can boot the entire rack at once!

    Certainly not something I would ever do in production, but for a lab environment, I'm ok with it hehe
  • LinuxRacrLinuxRacr Member Posts: 652 ■■■■□□□□□□
    I just put one of these in my lab for remote power control -

    Web Power Switch! - 15 Day Free Trial! - Ships Overnight - From $109!

    Quick and easy setup, though you do have to make some provision to be able to access it through a web browser remotely (I have three methods - VPN, SSH X Forwarding, or an NX session, the latter two being through the only box that's accessible via SSH from the outside world)

    I finally picked one of these up. Can't wait to get it and put it to use!
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
  • xXErebuSxXErebuS Member Posts: 230
    I seen it some what mentioned but setup access over say port 64395 (some random port) and lock it down to IP's if you want; then port forward that to 22.

    If not you could potentially (very possible) have someone scan and try to brute force into it.
  • MAC_AddyMAC_Addy Member Posts: 1,740 ■■■■□□□□□□
    xXErebuS wrote: »
    I seen it some what mentioned but setup access over say port 64395 (some random port) and lock it down to IP's if you want; then port forward that to 22.

    If not you could potentially (very possible) have someone scan and try to brute force into it.

    They'd still be able to get into it (if they were really that desprate) since you'll be port forwarding.
    2017 Certification Goals:
    CCNP R/S
  • Corndork2Corndork2 Member Posts: 266
    Web Power Switches are nice low cost options.

    Western Telematic Inc. makes the WTI RSM line thats also really nice.

    Your 2600XM's will support VPN with the addition of an AIM module.

    You could pick up a PIX 501 on ebay for 10.00 with the proper license.

    I personally VPN to a Cisco 1841, then use a WTI RSM8R4

    Previously, I just forwarded SSH ports to one of my unix servers. I'd log into it, then log into the other devices from the Unix box.

    The VPN method is obviously more secure, but frankly SSH is fine for a home lab. Make sure you have a decent username/password combo, as the random bots on the internet willl try to log into you from time to time. They do so now as well, but you dont see it in SOHO equipment logs.

    DO NOT use telnet :)
    Brocade: BAIS, BACNS, BAEFS Cisco: CCENT, CCNA R&S CWNP: CWTS Juniper: JNCIA-JUNOS
    CompTIA: A+ (2009), Network+ (2009), A+ CE, Network+ CE, Security+ CE, CDIA+
    Mikrotik: MTCNA, MTCRE, MTCWE, MTCTCE VMware: VCA-DV Rackspace: CloudU
  • LinuxRacrLinuxRacr Member Posts: 652 ■■■■□□□□□□
    Corndork2 wrote: »
    Web Power Switches are nice low cost options.

    Western Telematic Inc. makes the WTI RSM line thats also really nice.

    Your 2600XM's will support VPN with the addition of an AIM module.

    You could pick up a PIX 501 on ebay for 10.00 with the proper license.

    I personally VPN to a Cisco 1841, then use a WTI RSM8R4

    Previously, I just forwarded SSH ports to one of my unix servers. I'd log into it, then log into the other devices from the Unix box.

    The VPN method is obviously more secure, but frankly SSH is fine for a home lab. Make sure you have a decent username/password combo, as the random bots on the internet willl try to log into you from time to time. They do so now as well, but you dont see it in SOHO equipment logs.

    DO NOT use telnet :)

    I use a Cisco 881W myself for my VPN. I've been wanting to get my hands on an 1841, but I'm waiting for better pricing.

    Yeah, and DON'T USE TELNET, or any clear-text communications over the internet!!! I found out the hard way some years ago...lol...
    My WGU B.S. IT - Security Progress : Transferred In|Remaining|In Progress|Completed
    AGC1, CLC1, GAC1, INC1, CTV1, INT1, BVC1, TBP1, TCP1, QLT1, HHT1, QBT1, BBC1 (39 CUs), (0 CUs) (0 CUs)
    WFV1, BNC1, EAV1, EBV1, COV1 | MGC1, IWC1 | CQV1, CNV1, IWT1, RIT1 | DRV1, DSV1, TPV1, CVV1 | EUP1, EUC1, DHV1| CUV1, C173 | BOV1, CJV1, TXP1, TXC1 | TYP1, TYC1, SBT1, RGT1 (84 CUs) DONE!
Sign In or Register to comment.