Remote Access and Management
Unlock the complete study guide + 1,040 practice questions across 16 full exams.
Bundled into the existing CompTIA Network+ premium course — no separate purchase.
Included in this chapter:
- In-band vs out-of-band management
- SSH: the secure CLI that replaced Telnet
- VPN architectures: who connects, what tunnels, how much
- Management interfaces, bastion hosts, and exam patterns
Choosing a secure remote-access channel
| Decision factor | Site-to-site IPsec VPN | Client-to-site TLS/SSL VPN | SSH |
|---|---|---|---|
| What it connects | Two whole networks, gateway-to-gateway | One user's device into the network | One administrator into one host's CLI |
| Typical transport | ESP (IP proto 50) + IKE (UDP 500/4500) | TCP 443 (or QUIC) | TCP 22 |
| Client software | None per user; configured on gateways | Dedicated client or clientless in a browser | SSH client (terminal) |
| NAT/firewall traversal | Needs ESP + IKE permitted; NAT-T for NAT | Traverses NAT and port-443 firewalls cleanly | Single well-known port, usually allowed |
| Best fit | Permanent office-to-office links | Remote/work-from-home users | Day-to-day device administration |
Decision tree
Cheat sheet
Unlock with Premium — includes all practice exams and the complete study guide.
Also tested in
References
- Cisco: Network Management System best practices
- RFC 4251: The Secure Shell (SSH) Protocol Architecture Whitepaper
- RFC 4301: Security Architecture for the Internet Protocol Whitepaper
- NIST SP 800-77 Rev. 1: Guide to IPsec VPNs Whitepaper
- NIST SP 800-52 Rev. 2: Guidelines for the Selection, Configuration, and Use of TLS Implementations Whitepaper
- Microsoft: What is Azure Bastion?