Console Servers & Cellular Providers
David Hubbard
dhubbard at dino.hostasaurus.com
Wed Feb 7 18:29:00 UTC 2018
We get static IP's to facilitate monitoring that the OOB remains online (easier to hit a non-changing IP than getting false positives for outage between an IP change and DDnS or whatever other type of update needs to happen), and it also makes IPSec VPN easy if your roving sysadmins know what IP to VPN into for a given site, when DNS may or may not be working.
On 2/7/18, 12:49 PM, "NANOG on behalf of Chris Marget" <nanog-bounces at nanog.org on behalf of chris at marget.com> wrote:
Lots of references to static IPs from cellular providers for OoB access in
this thread. Why? It seems like a dial-home scheme is an obvious solution
here, whether it's Opengear's Lighthouse product, openvpn, or whatever...
Do you all have a security directive that demands whitelisted IP addresses?
I've got a handful of OoB systems that dial home via cellular, but only
after they've been poked by SMS. Opengear's auto-response facilitates that,
and I've done it with EEM (to start DMVPN) on Cisco ISRs.
The main headache I've run into is that it's tough to get a SIM card from
ATT that does data and SMS: ATT's M2M plans don't allow SMS, and moving the
SIM from an iPhone to "a computer" causes the SMS capability to vanish. My
ATT OoB boxes (used only where Verizon is reported to not work) are online
all the time.
More information about the NANOG
mailing list