Man, that is a lot of work!

I have an ASA 5505 with AnyConnect SSL and IPSEC VPN (for backup) configured. I VPN home, telnet to my Sentry Commander PT40, and power on my devices. I have a 2610 with a NM32 that gives me 32 console ports. I used this for my R&S and now my Security. WORKS GREAT, and low cost.

Regards,
Jay McMickle- 3x CCNP (R&S,Security,Design), CCIE #35355 (R&S)

From: Kenneth Ratliff <dayne_at_cluebat.net>
To: John Pelletier <john.pelletier_at_altima-group.com>; "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
Sent: Monday, October 8, 2012 7:13 AM
Subject: Re: Remote access to rack options

I use a few different methods to get into my home rack.

I maintain a VPS with Linode which acts as my web and mail server. I have the VPS connected back to my home router via an ipsec tunnel, and I run BGP between the two endpoints.

My home network also has an OpenBSD host that's open to the world via SSH, which I use as a jump box.

Ideally, I can just ssh into my jump box and from there telnet to my term server ports. That's the simplest method.

If I can't, then I try to SSH to my VPS, and from there I can telnet directly to my term server, since they're connected via ipsec tunnel with routing established. I also have the ssh daemon binding to a few non-standard high ports, as well as port 80 and 443 on a second public IP (second IP is necessary to not interfere with operation of my web server).

If none of that works, then I'll fire up the OpenVPN client and try to connect. If it works, then it's all good, because once again, connectivity via ipsec tunnel with routing established.

If none of *that* works (and I've only encountered it on one network where they hit everything), well, then I'm pretty much out of ideas. For ipv4.

My VPS is also dual-stacked, with a native ipv6 connection, so I try all but the first step again via ipv6, because I can usually get a v6 address via ISATAP or Teredo. If I can reach my VPS over ipv6, then I can communicate to my home network over v4. The network that I mentioned that had ipv4 locked down? Let me out easy via v6.

On 10/7/12 1:14 AM, "John Pelletier" <john.pelletier_at_altima-group.com> wrote:

>I cannot use telnet out of the network I work on to get to my rack at
>home. I could set up an ASA to terminate a VPN client I would think to
>do this but is there any other way? Currently I use port forwarding on
>my home wireless router to turn on the rack and telnet to the terminal
>server to jump off to each device using secure crt. Ideas?
Received on Mon Oct 08 2012 - 18:39:13 ART
This archive was generated by hypermail 2.2.0 : Thu Nov 01 2012 - 10:53:33 ART