I'm working on a production lab, and I've run into a small issue. I need to have some way of remotely accessing my router from a VPN. However, I don't have a spare port to assign an IP from the VPN network on. Right now my lab setup looks like:
The line from the external network enters in through port F0/0 of my 2621 router. I then route (and DHCP, NAT...) into my internal production network, which then goes onto a switch from port F0/1.
Now, I'm looking for some way to create a subinterface on F0/1 that only deals with traffic from a management network. Just an IP address that I can use to telnet (and SSH) into and access the router. This subinterface can't interact at all with the external or production network for security reasons.
I need to know 1) if this can be done at all and 2) will doing so open my network to security loopholes?
I've attached what my network looks like.
I don't have access to any of the equipment that routes the VPN traffic, so I can't set up any kind of layer 3 routing to inform everything of how to hit that loopback interface.