cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1065
Views
0
Helpful
3
Replies
Highlighted
Beginner

Creating a subinterface on a router for management

I'm working on a production lab, and I've run into a small issue. I need to have some way of remotely accessing my router from a vpn. However I don't have a spare port to assign an IP from the VPN network on. right now my lab set up looks like:

The line from the external network enters in through port F0/0 of my 2621 router. I then route (and DHCP, NAT...) into my internal production network, which then go onto a switch from port F0/1.

Now, I'm looking for someway to create a subinterface on F0/1 that only deals with traffice from a management network. Just an IP address that I can use to telnet (and SSH) into and access the router. This subinterface can't interact at all with the external or production network for security reasons.

I need to know 1) if this can be done at all and 2) will doing so open my network to security loopholes?

I've attached what my network looks like

3 REPLIES 3
Highlighted
Beginner

why dont u create a loopback interface and advertise it over the vpn tunnel

Highlighted

I don't have access to any of the equiptment that routes the VPN traffic, so I can't set up any kind of layer 3 routing to inform everything of how to hit that loopback interface.

Highlighted
Beginner

Would you be willing to remove passwords and keys and post configs?

- Be sure to rate all helpful posts

- Be sure to rate all helpful posts
Content for Community-Ad