Securing OOB

PC paul4004 at
Mon Apr 23 09:14:28 CDT 2012

My preferred OOB solution is cellular where possible.  (Many companies make
such a dedicated product, or roll your own).

Most cellular providers can provide a private APN with private IP addresses
delivered back to you via a VPN tunnel.  In many cases, telemetry (IE: 50Mb
or less per month) data plans cost much less than DSL lines or analog
lines.  In some installations, it's also diverse to backhoe accidents due
to it not riding the same copper bundle.

Besides, it's easy to install and you don't have to deal with the copper
analog handoff.

Otherwise... DSL and IPSEC vpn also works.  Analog is in the last option
for me.

On Mon, Apr 23, 2012 at 7:31 AM, Saku Ytti <saku at> wrote:

> On (2012-04-23 12:45 +0000), Leigh Porter wrote:
> > I have juniper SRX110s that use the magic new multi site IPSec thing.
> +1. This is the way to roll OOB, CPE (Cisco ISR, Juniper SRX), RS232
> console server (opengear, avocent) and switch if you happen to have modern
> gear which support proper OOB like Nexus7k, and not enough ports in the
> CPE.
> OOB CPE could be reused for other functions to justify cost, like DCN
> router, both SRX and ISR have models doing CLNS routing.
> With correct CPE, same CPE can do 3G, ADSL and ethernet, depending on what
> is available in given site.
> Some RS232 console servers do deliver subset of needed features, like 3G,
> IPSEC and Ethernet might be there. But that does not mean that it'll be
> OPEX nor CAPEX chaper to try to do it all in one box.
> --
>  ++ytti

More information about the NANOG mailing list