Manage Cisco device only over IPsec

DanLam49130
Level 1

I have a network with Cisco components. I would like to manage them only over IPsec (I am working with an asymmetric model: X.509 certificates with a PKI).

So I would like that only computers which have the correct private key could manage the Cisco devices (via telnet/SSH), and if a computer doesn't have the private key, it can't open the VPN tunnel and will not be able to reach a management interface (so, even if someone has the password for the device, he can't connect to the device).

SSH doesn't support X.509 certificates, so using SSH keys is not enough.

 

For example (See the file example.PNG):

A, B, C cannot manage each other (cannot even reach telnet/SSH). D can manage them with the private key after it opens an IPsec tunnel (and of course anyone who receives the private key can open an IPsec tunnel and manage the devices via telnet/SSH).

 

Do you know a way to do it?

Thanks!

2 Replies

Deepak Kumar
VIP Alumni

Hi,

I didn't get your complete question: what do you mean by "open VPN connection"? Here is a guide for SSH public key authentication:

https://networklessons.com/uncategorized/ssh-public-key-authentication-cisco-ios 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment helps you!

open VPN connection = open IPsec connection.

SSH doesn't support PKI (only private and public keys).

In addition, telnet doesn't support encryption, so I am searching for a solution that is suitable for all types of management protocols.
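The design the original poster describes (management only through a certificate-authenticated IPsec tunnel, with telnet/SSH unreachable from anywhere else) can be built on IOS with an IKEv2 static VTI plus two ACLs. The configuration below is an added example written for this thread; it is not from the original post or from Cisco documentation. All names, addresses and CA attributes (MGMT-CA, GigabitEthernet0/0, 198.51.100.1 as the router's outside address, 203.0.113.10 as management host D, 10.255.1.0/30 as the tunnel subnet) are assumptions, and the IPsec client configuration on host D (which must present a certificate from the same CA) is not shown.

```cisco
! Added example, not from the thread. Assumed names/addresses throughout.
! Goal: IKEv2 authenticated with X.509 (rsa-sig) on both sides; SSH/telnet
! reachable only from the far end of the tunnel, never from the outside.
!
! --- PKI: trust only the management CA ---
crypto pki trustpoint MGMT-CA
 enrollment terminal
 subject-name CN=router1,OU=network
 revocation-check crl
 rsakeypair MGMT-KEY
!
! Enrollment is done once from exec mode (assumed CA workflow):
!   crypto key generate rsa label MGMT-KEY modulus 2048
!   crypto pki authenticate MGMT-CA        (paste the CA certificate)
!   crypto pki enroll MGMT-CA              (copy the CSR to the CA)
!   crypto pki import MGMT-CA certificate  (paste the signed router cert)
!
! Accept only certificates issued by that CA to the management group;
! a valid certificate from any other CA or OU does not match the profile.
crypto pki certificate map MGMT-CERT-MAP 10
 issuer-name co cn = mgmt-ca
 subject-name co ou = management
!
! --- IKEv2: certificate (rsa-sig) authentication, no pre-shared keys ---
crypto ikev2 proposal MGMT-PROP
 encryption aes-gcm-256
 prf sha256
 group 19
!
crypto ikev2 policy MGMT-POL
 proposal MGMT-PROP
!
crypto ikev2 profile MGMT-IKEV2
 match certificate MGMT-CERT-MAP
 identity local dn
 authentication local rsa-sig
 authentication remote rsa-sig
 pki trustpoint MGMT-CA
!
crypto ipsec transform-set MGMT-TS esp-gcm 256
 mode tunnel
!
crypto ipsec profile MGMT-IPSEC
 set transform-set MGMT-TS
 set ikev2-profile MGMT-IKEV2
!
! --- Static VTI towards management host D (assumed public address) ---
interface Tunnel0
 description IPsec tunnel to management host D
 ip address 10.255.1.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile MGMT-IPSEC
!
! --- Outside interface: admit IKE/ESP to the router, drop cleartext mgmt ---
! Decapsulated packets enter on Tunnel0, so this ACL never sees them.
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.10 host 198.51.100.1 eq isakmp
 permit udp host 203.0.113.10 host 198.51.100.1 eq non500-isakmp
 permit esp host 203.0.113.10 host 198.51.100.1
 deny   tcp any host 198.51.100.1 eq 22
 deny   tcp any host 198.51.100.1 eq telnet
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 198.51.100.1 255.255.255.0
 ip access-group OUTSIDE-IN in
!
! --- VTY: only the tunnel peer address may open a session at all ---
ip access-list standard MGMT-VTY
 permit 10.255.1.2
 deny   any log
!
line vty 0 4
 access-class MGMT-VTY in
 transport input ssh telnet
 login local
```

With this in place a host without a private key matching a certificate from MGMT-CA cannot complete IKEv2, so it never obtains a source address that `access-class MGMT-VTY` permits, and the outside ACL drops any direct SSH/telnet attempt regardless of whether the attacker knows the device password. Telnet is tolerated in `transport input` only because it is confined to the ESP-protected tunnel; `login local` still requires a username and password once the tunnel is up. On the router, `show crypto ikev2 sa`, `show crypto ipsec sa` and `show crypto pki certificates` confirm that the peer authenticated with the expected certificate before any vty session is possible.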
