From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Oct 29 2004 - 12:11:08 GMT-3
Dave,
Yes, you can use SSH to access the router instead of telnet:
http://www.cisco.com/warp/public/707/ssh.shtml
If you want to disable telnet access and only allow SSH, issue
the "transport input ssh" command under the VTY lines.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of David
> Sent: Friday, October 29, 2004 9:53 AM
> To: ccielab@groupstudy.com
> Cc: Tom Lijnse; Patrick Torney
> Subject: Re: Dialin Access to the Rack using 2511
>
> Thanks a lot guys. This is excellent, I can make this work now!
>
> One other scenario, if I can run by you:
>
> If I also have the terminal server sitting on the DSL Internet line
> with an IP and rather than dial into the terminal server, instead I
> reverse telnet into the kit using the terminal server's Internet IP
> address and the kit device port number (e.g. telnet 200.200.1.1 2007).
> Also I tighten the access to terminal server with an access list so
> that the above access is allowed only from my work LAN (i.e. I allow
> my work Firewall external IP address). I know this all will work, but
> the question is how secure is this? Can we use SSH for this to make it
> more secure? Some sample configs (with some ACL) would be great!
>
> Now the above setup for training is probably not a big security issue
> (I think?), but if we were opening a new small office and will have
> some Cisco kit there (PIX, Cats etc) and to control the PIX etc we do
> the exact same setup (with one terminal server) as above, are there
> any security issues with this? We'd probably set up a dialup link to
> the terminal server using a modem but we also want to put the terminal
> server on the Internet and reverse telnet into the office devices
> (PIX, Cats etc). The reason for all this would be because we would not
> have anyone to manage these devices at this new office. Again we would
> apply some tight ACL so that access is only allowed to the legal IPs
> from our company head office. Any thoughts on the security of this
> setup (for real life scenario)? Can we use SSH for this to make it
> more secure? I think there are many Cisco routers on the Internet set
> up like this but not sure if it is sensible security to do this?
>
> Thanks a lot
>
> Dave
>
> ----- Original Message -----
> From: "Tom Lijnse" <Tom.Lijnse@globalknowledge.nl>
> To: "David" <fullerdavid@hotmail.com>
> Cc: <ccielab@groupstudy.com>
> Sent: Thursday, October 21, 2004 10:23 PM
> Subject: RE: Dialin Access to the Rack using 2511
>
>
> Hi,
>
> 1) If you're looking for a USR modem I'd say you want this one:
> http://www.usr.com/products/home/home-product.asp?sku=USR5686E.
> Strangely enough, the RS-232 one is more expensive than the USB model.
>
> 2) It depends on the type of 2511. If it's one of those using octal
> cables then all you need is one of the 25-pin connectors that you
> (used to) get with each router. (It's even labeled "modem"). If you
> have a 2511-RJ you need a Cisco rollover cable and the 25-pin
> connector.
>
> 3) Typical config would be something like:
>
> line 1
>  speed 115200
>  flowcontrol hardware
>  stopbits 1
>  modem inout
>  ! to facilitate reverse telnet to the modem
>  transport input all
>  modem autoconfigure type usr_sportster
>
> (assuming the above modem uses the same AT command set as the old USR
> Sportsters)
>
> Regards,
>
> Tom Lijnse
>
> CCIE #11031
> Global Knowledge Netherlands
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of David
> Sent: Thursday 21 October 2004 17:28
> To: ccielab@groupstudy.com
> Subject: Dialin Access to the Rack using 2511
>
> Hi there all
>
> I have a rack setup with a 2511 Terminal Server. I want to dial
> remotely into the 2511 using a modem to be able to control the rack.
> Can someone please advise on the following:
>
> 1) US Robotics (non-USB connector) modem model number - I ordered one
> and it has USB connection!! and not the old-fashioned one...
> 2) What extra cables, number of pins are required to do the above
> setup
> 3) Any sample working configs will be very helpful.
>
> Thanks a lot
>
> Dave
>
>
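
An added example, not part of the original thread: a small Python check that reads the line stanzas of an IOS configuration and reports any that still accept Telnet (such as the "transport input all" in the sample line config quoted above) or that have no inbound access-class. The sample configuration, ACL number and address are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): async line 1 left at
# "transport input all", lines 2-16 and the VTYs restricted to SSH.
SAMPLE_CONFIG = """\
access-list 10 permit host 192.0.2.10
line con 0
line 1
 modem InOut
 transport input all
line 2 16
 transport input ssh
line vty 0 4
 access-class 10 in
 login local
 transport input ssh
"""

def parse_line_stanzas(config):
    """Return {stanza header: [sub-commands]} for every 'line ...' block."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if re.match(r"line\s+\S", raw):        # unindented 'line ...' opens a stanza
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current:  # indented sub-command of that stanza
            stanzas[current].append(raw.strip())
        else:                                  # any other top-level line closes it
            current = None
    return stanzas

def audit_lines(config):
    """Flag line stanzas that accept Telnet or lack an inbound access-class."""
    findings = []
    for header, cmds in parse_line_stanzas(config).items():
        if header.startswith("line con"):
            continue                           # console is a local port, skip it
        found = [c.split()[2:] for c in cmds if c.startswith("transport input ")]
        if not found:
            findings.append((header, "transport input not set; device default applies"))
        elif {"all", "telnet"} & set(found[-1]):
            findings.append((header, "Telnet accepted: transport input " + " ".join(found[-1])))
        if not any(re.match(r"access-class\s+\S+\s+in\b", c) for c in cmds):
            findings.append((header, "no inbound access-class"))
    return findings

if __name__ == "__main__":
    for header, issue in audit_lines(SAMPLE_CONFIG):
        print(f"{header}: {issue}")
```
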
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:54 GMT-3