[unisog] Secure Cisco device management

Mark Brochu mbrochu at hartford.edu
Mon Mar 20 19:10:50 GMT 2006


We use a management server with 2 NICs, one being in the public VLAN 
and one being in the management VLAN.  Also, we have dedicated ports in 
certain areas that are members of our management VLAN.  Access to the 
NMS is done via SSH.  It also runs squid proxy (via SSH tunnel) for 
those devices that require HTTP access.  However, if your management app 
requires dynamic ports you will have to look into a VPN solution...

Mark Brochu
Network Analyst
University of Hartford

Jenkins, Matthew wrote:
> I am looking to get some thoughts on locking down our management VLAN where our Cisco gear (and other management devices) sit.  We have thrown around the idea of a VPN solution so that we can access devices from other networks other than where our administrators' workstations sit.  Does anyone have any suggestions for locking down a management network, and what kind of access into the network you would recommend (i.e. multihomed workstations/servers, VPN solution, etc.)?  Thanks for your suggestions,
> Matt
> Matthew Jenkins
> Network/Server Administrator
> Fairmont State University
> 304.367.4955
> AOL: MLJenkinsCom  Yahoo: mljenkins  ICQ: 8116624  MSN
> Visit us online at www.fairmontstate.edu

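An added example, not part of the original messages: one way to configure the dual-homed NMS described in the reply so that an SSH login can only forward to the local Squid listener, not to arbitrary management-VLAN ports. The group name, host name, account and the Squid address 127.0.0.1:3128 are assumptions; the thread does not give them.

```sshconfig
# ---- /etc/ssh/sshd_config on the NMS ----
# "netadmins" is a hypothetical group holding the network administrators.
AllowGroups netadmins
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# Permit local (-L) forwards only, and only to the Squid listener on
# loopback. Assumes Squid is bound with "http_port 127.0.0.1:3128" so it
# is unreachable from the public VLAN except through an SSH session.
AllowTcpForwarding local
PermitOpen 127.0.0.1:3128
GatewayPorts no
X11Forwarding no
AllowAgentForwarding no
PermitTunnel no

# ---- ~/.ssh/config on the administrator's workstation ----
# nms.example.edu is a placeholder for the NMS address on the public VLAN;
# admin1 is a placeholder account.
Host nms
    HostName nms.example.edu
    User admin1
    IdentityFile ~/.ssh/id_ed25519
    # Point the browser's HTTP proxy at 127.0.0.1:3128; requests to device
    # web interfaces then travel inside the SSH session to Squid on the NMS.
    LocalForward 127.0.0.1:3128 127.0.0.1:3128
    # Fail the connection if the forward cannot be set up, rather than
    # leaving the browser pointed at a dead or foreign local port.
    ExitOnForwardFailure yes
```

With the single `PermitOpen` target, tools that need dynamic ports will not work through this host, which matches the reply's point that those cases call for a VPN.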