We get static IP's to facilitate monitoring that the OOB remains online (easier
to hit a non-changing IP than getting false positives for outage between an IP
change and DDnS or whatever other type of update needs to happen), and it also
makes IPSec VPN easy if your roving sysadmins know what IP to VPN into for a
given site, when DNS may or may not be working.
On 2/7/18, 12:49 PM, "NANOG on behalf of Chris Marget"
<nanog-boun...@nanog.org on behalf of ch...@marget.com> wrote:
Lots of references to static IPs from cellular providers for OoB access in
this thread. Why? It seems like a dial-home scheme is an obvious solution
here, whether it's Opengear's Lighthouse product, openvpn, or whatever...
Do you all have a security directive that demands whitelisted IP addresses?
I've got a handful of OoB systems that dial home via cellular, but only
after they've been poked by SMS. Opengear's auto-response facilitates that,
and I've done it with EEM (to start DMVPN) on Cisco ISRs.
The main headache I've run into is that it's tough to get a SIM card from
ATT that does data and SMS: ATT's M2M plans don't allow SMS, and moving the
SIM from an iPhone to "a computer" causes the SMS capability to vanish. My
ATT OoB boxes (used only where Verizon is reported to not work) are online
all the time.
