Re: Console Servers & Cellular Providers

[David Hubbard <dhubbard () dino hostasaurus com>]

We get static IP's to facilitate monitoring that the OOB remains online (easier to hit a non-changing IP than getting 
false positives for outage between an IP change and DDnS or whatever other type of update needs to happen), and it also 
makes IPSec VPN easy if your roving sysadmins know what IP to VPN into for a given site, when DNS may or may not be 
working.


On 2/7/18, 12:49 PM, "NANOG on behalf of Chris Marget" <nanog-bounces () nanog org on behalf of chris () marget com> 
wrote:

    Lots of references to static IPs from cellular providers for OoB access in
    this thread. Why? It seems like a dial-home scheme is an obvious solution
    here, whether it's Opengear's Lighthouse product, openvpn, or whatever...
    
    Do you all have a security directive that demands whitelisted IP addresses?
    
    I've got a handful of OoB systems that dial home via cellular, but only
    after they've been poked by SMS. Opengear's auto-response facilitates that,
    and I've done it with EEM (to start DMVPN) on Cisco ISRs.
    
    The main headache I've run into is that it's tough to get a SIM card from
    ATT that does data and SMS: ATT's M2M plans don't allow SMS, and moving the
    SIM from an iPhone to "a computer" causes the SMS capability to vanish. My
    ATT OoB boxes (used only where Verizon is reported to not work) are online
    all the time.