Beginner

Manage cisco device only over IPSEC

I have a network with Cisco components. I would like to manage them only over IPSEC (I am working with an asymmetric model - x509 certificates with PKI).

So I would like that only computers which have the correct private key could manage the cisco devices (via telnet/ssh), and if a computer doesn't have the private key, it can't open the vpn tunnel and the management interface will not be accessible (so, even if someone has the password for the device, he can't connect to the device).

SSH doesn't support x509 certificates, so using ssh keys is not enough.


For example (See the file example.PNG):

A,B,C - cannot manage each other (cannot even access telnet/ssh). D can manage them with the private key after he opens an ipsec tunnel (and of course anyone who receives the private key can open an ipsec tunnel and manage the devices via telnet/ssh).


Do you know a way to do it?

Thanks!

VIP Advocate

Re: Manage cisco device only over IPSEC

Hi,

I didn't get your complete question. What do you mean by "open VPN connection"? Here is a guide for SSH public key authentication:

https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment helps you!
Beginner

Re: Manage cisco device only over IPSEC

open VPN connection = open IPSEC connection.

SSH doesn't support PKI (only private and public keys).

In addition, telnet doesn't support encryption, so I am searching for a solution that is suitable for all types of management protocols.
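One way to build what the question asks for, shown here as an added example that is not from this thread or from Cisco: an IOS IKEv2 (FlexVPN) hub that accepts only certificate authentication from the management CA, plus an access-class on the vty lines so SSH is reachable only from the tunnel's address pool. Every name, address and certificate-map match string below is an assumed placeholder.

```cisco
! Constructed example values: management loopback 10.0.0.1, CA trustpoint
! MGMT-CA, client address pool 10.255.0.0/24; all are placeholders.
crypto pki trustpoint MGMT-CA
 enrollment terminal pem
 revocation-check crl
 rsakeypair MGMT-CA-KEY 2048
! Only certificates issued for this OU may authenticate (assumed OU value)
crypto pki certificate map MGMT-CERT-MAP 10
 subject-name co ou = netmgmt
crypto ikev2 proposal MGMT-PROP
 encryption aes-cbc-256
 integrity sha256
 group 19
crypto ikev2 policy MGMT-POL
 proposal MGMT-PROP
aaa new-model
aaa authorization network FLEX-AUTHOR local
ip local pool MGMT-POOL 10.255.0.10 10.255.0.20
crypto ikev2 authorization policy MGMT-AUTHOR
 pool MGMT-POOL
 route set interface
! Both sides authenticate with certificates (rsa-sig), never a pre-shared key
crypto ikev2 profile MGMT-PROFILE
 match certificate MGMT-CERT-MAP
 identity local dn
 authentication local rsa-sig
 authentication remote rsa-sig
 pki trustpoint MGMT-CA
 aaa authorization group cert list FLEX-AUTHOR MGMT-AUTHOR
 virtual-template 1
crypto ipsec transform-set MGMT-TS esp-aes 256 esp-sha256-hmac
crypto ipsec profile MGMT-IPSEC
 set transform-set MGMT-TS
 set ikev2-profile MGMT-PROFILE
interface Loopback0
 ip address 10.0.0.1 255.255.255.255
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MGMT-IPSEC
! Management plane: only tunnel-pool addresses may reach the vty lines,
! and the deny entry logs every attempt from anywhere else
ip access-list standard MGMT-ONLY
 permit 10.255.0.0 0.0.0.255
 deny   any log
line vty 0 4
 access-class MGMT-ONLY in
 transport input ssh
```

The access-class only helps if the pool range cannot be spoofed from an untrusted interface, so block it there with an inbound ACL or uRPF; `transport input ssh` also drops telnet entirely, which the thread notes has no encryption of its own.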