NOC servers with public/private ip address
Valdis.Kletnieks at vt.edu
Wed Aug 15 15:18:22 UTC 2001
On Wed, 15 Aug 2001 11:07:21 EDT, you said:
> Using a NAT in a NOC situation makes audit trails harder to maintain,
> as all administrative connections to your network devices will appear
> to come from (one of) the address(es) of the NAT device.
Right. That too - that's why I advised against it. Choices I see
as reasonable:
1) A totally isolated management net in 1918 space.
2) A totally isolated management net in your space.
3) A firewalled management net in your space.
4) A management net in 1918 space, and a bastion host that lives in the
1918 space and your space to get stuff in/out with (no direct connections
available - copy stuff to the bastion from one side, then copy out from
the other).
Of course, for options (3) and (4) you need to have a very clear
understanding of how you are handling security for the management net.
And for options (1) and (2), you need to be careful that it *does*
stay isolated - all it takes is one router that's forwarding packets
for it to change into (3) or (4). ;)
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
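
Added example, not part of the original message: a minimal audit of the isolation caveat for options (1), (2) and (4), flagging any device that has one interface on the management net, one off it, and packet forwarding enabled. The prefix, device names, addresses and inventory format are constructed sample values.

```python
import ipaddress

# Constructed inventory: device -> (ip_forwarding_enabled, [interface addresses]).
# The management prefix and every address below are made-up sample values.
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")
INVENTORY = {
    "core-rtr1": (True,  ["10.99.0.1/24"]),
    "noc-ws1":   (False, ["10.99.0.20/24"]),
    "bastion":   (False, ["10.99.0.5/24", "192.0.2.5/24"]),
    "edge-rtr7": (True,  ["10.99.0.7/24", "198.51.100.1/24"]),
    "web1":      (False, ["198.51.100.10/24"]),
}

def classify(forwarding, addrs, mgmt=MGMT_NET):
    """Return how one device relates to the management net."""
    ifaces = [ipaddress.ip_interface(a) for a in addrs]
    inside = [i for i in ifaces if i.ip in mgmt]
    outside = [i for i in ifaces if i.ip not in mgmt]
    if not inside:
        return "not-on-mgmt"
    if not outside:
        return "mgmt-only"
    # Dual-homed: acceptable as a copy-in/copy-out bastion only if it does not route.
    return "LEAK-forwarding" if forwarding else "dual-homed-no-forwarding"

def audit(inventory=INVENTORY, mgmt=MGMT_NET):
    """Classify every device in the inventory."""
    return {name: classify(fwd, addrs, mgmt)
            for name, (fwd, addrs) in inventory.items()}

def isolation_broken(inventory=INVENTORY, mgmt=MGMT_NET):
    """Names of devices that turn an 'isolated' net into a routed one."""
    return sorted(n for n, v in audit(inventory, mgmt).items()
                  if v == "LEAK-forwarding")

if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:10} {verdict}")
    print("isolation broken by:", isolation_broken() or "nothing")
```
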