How To Setup Secure Remote Access To A Router?
Secure Access is a mode where a remote administrator can configure and monitor a router without having physical access to the router. It is also known as Web-based Access. Secure Access gives support for Serial Console Redirection, Telnet/SSH Redirection and HTTPS access.
Normally a Router is designed to provide a Local area Network with an Internet connection. This router can be configured to work as a firewall and the network will consist of a Private LAN with NAT (Network Address Translation) which hides all internal hosts from the outside world. It also provides DHCP server for local host configuration and DNS server for performing name resolutions on internal networks.
There are many cases where the IT administrator of a company may need to remotely access his workstation or some other machine on LAN behind that router. This is usually referred to as “Remote Access” or “Remote Administration” and is a very common requirement of a home user as well as a network administrator.
Setup Secure Remote Access to a Router
The following steps will help you to secure remote access to a router:
Step1: Login to the router’s local configuration page from a web browser.
Step2: Open the Configuration Tab from the top menu of this webpage and then click on “Remote Access” under Services .
Step3: In the ” Secure Access Username and Password” field, enter a username and password for remote access.
Step4: From ” Web Page Redirection”, select HTTPS Only option to allow secure remote access only through HTTPS connection.
Note1 : Router will now display two URLs- one is HTTP (unsecured) which you can use for general purpose access, without requiring username or passwords; another URL is HTTPS (Secure) which gives access to authenticated users with prior knowledge of username/password configured in step3 above. NOTE – For a typical remote access, configure this as shown in step3 above.
Step5: From “Port-Forwarding menu”, select a specific service for which you want to allow remote access from the Internet.
Step6: Enter a Local Host Port and an external destination port number on which remote users can access the router remotely . In the case of FTP, the local host port is normally 21 and the external destination port is any one of those numbers starting from 20 to 22 depending upon your requirement.
Note2 : Your ISP will generally provide your public IP address on some predefined side of router’s WAN interface (outside), while Router’s LAN interface (inside) may be having private addresses like 192.168.0.1 or 10.10.0.1 or any other suitable private address.
Step7: Set “HTTP Server Port” , “HTTP Redirection Port” and “HTTPS Server Port” to the same port number which you have configured in step5 above.
Step8: Now click on the Apply button, router will ask for confirmation of remote access configuration, here by clicking OK option will save all changes made to secure remote access configuration of this router.
NOTE : If at any stage, for example at Step7 above, you decide not to continue with setting up remote access on your router, just click on the Cancel button without taking further action .
Step9: Once the above mentioned settings are done properly , you will be able to connect remotely from your workstation (using browser) to your router. Now you can change any configuration on this interface for securing remote access, like changing username and password etc.
Step10: If required, you can configure the ports in such a way that only HTTP connections are allowed but HTTPS connection is blocked (this takes care of security issues). In such a case make sure “HTTP Server Port” and “HTTP Redirection Port” configured in step7 above should be the same as which you have selected in step4 above.
Step11: Once all steps mentioned in this article are done, open the Network and Sharing Center in the Control Panel and click on Manage Network Connections option under network and sharing center . This will open up a networking connections dialog where you need to select the Local Area Connection option and then click on the Edit button.
Step12: The Network Connections dialog box will now open up, from this dialog box under the list of network connections, just right-click on Internet Protocol Version 4 (TCP/IPv4) , select Properties; Now click on Advanced Button to open advanced TCP/IP settings dialog.
Step13: This will bring-up another dialog box where you need to scroll down to “Use default gateway on remote network” option, uncheck this option (by clicking Yes or No radio button), finally click OK .
Now your computer is ready to access the router remotely over an unsecured connection.
Securely Access a router will allow you to have full control of your entire network by allowing you to remotely manage all devices present on your network including servers, printers, workstations etc.
This will help in preventing loss of revenue associated with downtime caused due to server failure, loose cables on the wall etc. It is more important for businesses who cannot afford downtime during emergencies.Secure remote access can be used to backup routers too if they are equipped with USB ports or not running some version of DD-WRT firmware that does not support storing configurations via tftp.
If you do not wish to share your local area network (LAN) with anyone, then use switch protocols like Link Aggregation Control Protocol (LACP) that helps the router’s switch (internal LAN ports) act as one big virtual trunk link. It is more secure than normal switches and needs to be configured on both sides of the connection which is out of scope for this article. You may also configure backup links for LAN segments or Sub-Interfaces in case the main interface fails over.Router’s HTTP/HTTPS protocol supports traffic encryption using Secure Sockets Layer (SSL), transport layer security (TLS), and pretty good privacy (PGP).