From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Thu Aug 18 2005 - 15:40:28 GMT-3
HB,
Just configure the 803 to forward a port into the terminal
server via static NAT. Assuming your terminal server IP is 1.2.3.4 and
your outside interface is Ethernet0 do something like this:
ip nat inside source static tcp 1.2.3.4 23 interface Ethernet0 65523
This will cause your 803 to forward tcp port 65523 into the
access server's tcp port 23. Then just do local username and password
authentication on the access server that drops them off at privilege
level 0.
HTH,
Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Habib
> Sent: Thursday, August 18, 2005 12:28 PM
> To: ccielab@groupstudy.com
> Subject: Remote Access to Private Lab
>
> Ok - I give up searching google and cco
>
> I have an 803 router with a public address. Since there are only 5vty
> lines
> this puts a limit on the amount of terminal sessions I can have open
at
> any one
> time. Furthermore, it's unsecure. Nonetheless, I would be interested
to
> know if
> the #vty lines can be increased like they can when using Enterprise
code
> or
> Access Server feature sets...? (Remember, on an 803 that is).
>
> I have Cisco vpn client installed on my pc at work and was wondering
if it
> would be possible to establish a vpn tunnel to the internet address of
my
> 803?
>
> Firstly I'm not entirely sure if this is possible and secondly if it
is
> then
> where the heck is the link that describes how to go about configuring
it?
>
> Just incase this is not going to be possible, I have a 1750 at my
disposal
> with
> hw encryption module and bri wic. I would like to avoid using this kit
> since
> the 803 is sitting pretty where it is. But, if it must go I'll ditch
it.
> The
> ability to access rack remotely -and- opening >5 reverseTelnet
sessions
> consecutively is the goal. I realize once a tunnel is established I
can
> get
> straight onto the kit.
>
> Running IP/FW IPSEC 56 Feature sets (3DES on 1750).
>
> int------803-----termserv----lab
>
> any suggestions would be appreciated.
> HB
>
>
>
>
> ----------------------------------------------
> This mail sent through http://www.ukonline.net
>
>
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:01:19 GMT-3