Hi, you can also specify HTTPS:
source-interface Loopback0
http-proxy "<proxy-IP>" port 8080
no http secure server-identity-check
no destination transport-method email
profile "<myorg-profile>"
 reporting smart-licensing-data
 destination transport-method http
 destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService

I do bounce my smart-account access through a proxy I manage. I found that more comfortable than running their on-prem satellite, or letting my devices phone-home directly.

ttyl,
Hagen Amen | Multco IT Networking

On Wed, Feb 24, 2021 at 6:48 AM Hank Nussbacher <[email protected]> wrote:

> On 24/02/2021 13:28, Dave Bell wrote:
>
> Thanks. I was afraid of that.
>
> Based on:
> https://community.cisco.com/t5/routing/c5921-smart-licensing-fail-to-send-out-call-home-http-message/td-p/3860001
>
> It appears to be using http (not https?) to connect to:
> http://tools.cisco.com/its/service/oddce/services/DDCEService
>
> Seriously?! No https?
>
> And is it only gonna connect to 173.37.145.8 or will other IPs try to
> connect? So should I create some ACL to *only* allow 173.37.145.8:80 to
> protect my routers?
>
> What have others done?
>
> -Hank
>
> > I believe it's required that it must stay there.
> >
> > You can run an on-prem version of the manager which your routers can
> > call in to. This will then call into Cisco for you.
> >
> > https://www.cisco.com/c/en/us/buy/smart-accounts/software-manager.html
> >
> > It's all a massive pain. We have kit that randomly stops calling in, and
> > generates angry messages in dashboards.
> >
> > The sneaky alternative is that it's all honour based anyway (at least
> > for the range we are using). Just let it sit in eval mode and move on
> > with your life.
> >
> > Regards,
> > Dave
> >
> > On Wed, 24 Feb 2021 at 11:22, Hank Nussbacher <[email protected]> wrote:
> >
> >     So we bought a bunch of ASR1009x along with IOS-XE and are encountering
> >     the joy of Smart licensing.
> >
> >     Once we have our license established, do we need to leave the
> >     "call-home" section?
> >
> >     To me it screams "security violation" and something I'd like to
> >     permanently disable after getting the license activated.
> >
> >     Or does Cisco like to have their routers constantly ping the mothership
> >     in regards to the licensing?
> >
> >     Regards,
> >
> >     Hank

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
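
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads call-home configuration text of the kind quoted above and flags a plaintext `http://` destination, a disabled server identity check, and a missing HTTP proxy. The sample configuration, the proxy address 192.0.2.10, the profile name and the finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the call-home lines quoted in this thread;
# the proxy address and profile name are placeholders, not from the thread.
SAMPLE_CONFIG = """\
call-home
 source-interface Loopback0
 http-proxy "192.0.2.10" port 8080
 no http secure server-identity-check
 profile "example-profile"
  reporting smart-licensing-data
  destination transport-method http
  destination address http http://tools.cisco.com/its/service/oddce/services/DDCEService
"""

DEST_RE = re.compile(r"destination address http (\S+)")


def audit_call_home(config: str) -> list[str]:
    """Return findings about how the call-home transport is protected."""
    findings = []
    proxy_seen = False
    for raw in config.splitlines():
        line = raw.strip()
        dest = DEST_RE.match(line)  # anchored, so "no destination ..." is skipped
        if dest:
            # Anything other than https means licensing data crosses the wire in clear.
            if urlparse(dest.group(1)).scheme.lower() != "https":
                findings.append(f"plaintext-destination: {dest.group(1)}")
        elif line == "no http secure server-identity-check":
            # With this line present the device does not verify the server's identity.
            findings.append("tls-identity-check-disabled")
        elif line.startswith("http-proxy "):
            proxy_seen = True
    if not proxy_seen:
        # Informational: the device would contact the destination directly.
        findings.append("no-http-proxy")
    return findings


if __name__ == "__main__":
    for finding in audit_call_home(SAMPLE_CONFIG):
        print(finding)
```
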
