Remote Management of Cisco 871 via Internet

ivessm

I just installed a Cisco 871 router and would like to remotely manage it from my office via the Internet. To maintain security I would like to limit the incoming IP address to that of my office.

I used SDM to configure the 871.

Q: Can I remotely manage this router and how do I set it up?

Q: Can I set it up via the SDM or do I have to use the CLI to do it?

Thank you.

stew
 
Yes, you can manage it remotely. I recommend using the CLI via an SSH connection. If SDM is installed, you can do it with SDM as well - but be careful, because in my experience using SDM remotely can contribute to users experiencing slowness, and the router seems to slow a bit for some reason.

Review the following to set up SSH:

**example outside interface connected to ISP/Internet**

interface FastEthernet4
description $ES_WAN$$ETH-WAN$$FW_OUTSIDE$
ip address 1.1.1.1 255.255.255.0
ip access-group 103 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
ip route-cache flow
shutdown
duplex auto
speed auto

**example ACL that allows SSH access into the outside interface#4**

access-list 103 permit tcp host 12.28.104.10 host 72.20.66.147 eq 443
access-list 103 permit tcp host 12.28.104.10 host 72.20.66.147 eq 22
access-list 103 permit tcp host 12.28.104.10 host 72.20.66.147 eq cmd
access-list 103 deny ip any any log


**example ACL for VTY traffic control** - limits access to the local LAN and the public IP your connection is coming from


access-list 106 remark VTY Access-class list
access-list 106 remark SDM_ACL Category=1
access-list 106 permit ip <local subnet address> <local subnet wildcard netmask> any
access-list 106 permit tcp host <your source public IP> any
access-list 106 deny ip any any

**example VTY interface config**

line vty 0 4
access-class 106 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
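
An added example, not part of the original post and not Cisco tooling: a small Python check that reads a saved configuration and reports VTY lines that accept anything other than SSH or that lack a restrictive access-class. The sample fills the thread's placeholders with assumed documentation addresses, and the parser handles numbered extended ACLs only.

```python
import re

# Constructed sample: the thread's ACL 106 and VTY block, with the placeholders
# filled by assumed documentation addresses (LAN 192.168.1.0/24, office 203.0.113.10).
SAMPLE = """\
access-list 106 permit ip 192.168.1.0 0.0.0.255 any
access-list 106 permit tcp host 203.0.113.10 any
access-list 106 deny ip any any
line vty 0 4
access-class 106 in
transport input telnet ssh
"""

def parse(config):
    """Collect extended-ACL (action, source) pairs and each 'line vty' block's settings."""
    acls, vtys, vty = {}, [], None
    for line in (l.strip() for l in config.splitlines()):
        ace = re.match(r"access-list (\d+) (permit|deny) \S+ (any|host \S+|\S+ \S+)", line)
        if ace:
            acls.setdefault(ace.group(1), []).append((ace.group(2), ace.group(3)))
        elif line.startswith("line vty"):
            vty = {"name": line, "acl": None, "transport": None}
            vtys.append(vty)
        elif re.match(r"(line|interface) |!", line):
            vty = None  # a new block or separator ends the VTY block
        elif vty and line.startswith("access-class ") and line.endswith(" in"):
            vty["acl"] = line.split()[1]
        elif vty and line.startswith("transport input "):
            vty["transport"] = line.split()[2:]
    return acls, vtys

def audit(config):
    """Return one finding per weakness in how each VTY line is exposed."""
    acls, vtys = parse(config)
    findings = []
    for vty in vtys:
        name, acl = vty["name"], vty["acl"]
        if vty["transport"] != ["ssh"]:
            findings.append(f"{name}: transport input is not ssh-only")
        if acl is None:
            findings.append(f"{name}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{name}: access-class {acl} is not defined")
        elif any(a == "permit" and src == "any" for a, src in acls[acl]):
            findings.append(f"{name}: access-class {acl} permits any source")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

Run against the sample, it reports only the telnet transport; changing that line to `transport input ssh` clears the finding.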
 
Thanks kbing.

I'll take a serious look at this.

I was hoping to stay away from the CLI. It's not that I don't like command line interfaces but I would just rather not have to learn another command set. I have resisted taking a serious dive into the Cisco OS but I guess I'll have to.

Can you recommend any good starting books?

Thanks.

stew
 
ivessm

I have just attended and finished the Cisco Academy Training program for the CCNA.

The 4 books used in the classes from the Cisco Academy Training Program by Wendell Odom and others are well written and easy to understand.
The books are published by Cisco Press.

///doktor
 