North American Network Operators Group


Re: NOC servers with public/private ip address

  • From: Valdis.Kletnieks
  • Date: Wed Aug 15 11:23:43 2001

On Wed, 15 Aug 2001 11:07:21 EDT, you said:
> Using a NAT in a NOC situation makes audit trails harder to maintain,
> as all administrative connections to your network devices will appear
> to come from (one of) the address(es) of the NAT device.

Right.  That too - that's why I advised against it.  Choices I see
as reasonable:

1) A totally isolated management net in 1918 space.
2) A totally isolated management net in your space.
3) A firewalled management net in your space.
4) A management net in 1918 space, and a bastion host that lives in the
1918 space and your space to get stuff in/out with (no direct connections
available - copy stuff to the bastion from one side, then copy out from
the other).

Of course, for options (3) and (4) you need to have a very clear
understanding of how you are handling security for the management net.

And for options (1) and (2), you need to be careful that it *does*
stay isolated - all it takes is one router that's forwarding packets
for it to change into (3) or (4). ;)

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech

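The caveat about options (1), (2) and (4), as an added example that is not part of the original message: a Python check that treats every multi-homed device with forwarding enabled as a link between segments and reports each segment that can reach the management net. The inventory format, device names and addresses are constructed for illustration.

```python
import ipaddress
from collections import deque

# Constructed inventory (hypothetical names; RFC 1918 and documentation ranges).
# Each device lists its interface addresses and whether it forwards packets.
NETWORKS = {"mgmt": "10.99.0.0/24", "prod-a": "192.0.2.0/24", "prod-b": "198.51.100.0/24"}
DEVICES = {
    "core-rtr1": {"forwarding": True,  "addrs": ["192.0.2.1", "198.51.100.1"]},
    "bastion":   {"forwarding": False, "addrs": ["10.99.0.10", "192.0.2.10"]},
    "mgmt-sw1":  {"forwarding": False, "addrs": ["10.99.0.2"]},
    "lab-rtr7":  {"forwarding": True,  "addrs": ["10.99.0.77", "198.51.100.77"]},
}

def segments_of(device, networks):
    """Names of the networks in which a device has an interface."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}
    return {name for addr in device["addrs"] for name, net in nets.items()
            if ipaddress.ip_address(addr) in net}

def forwarding_paths(devices, networks, mgmt="mgmt"):
    """Map each segment that can reach mgmt to the forwarding devices on the path."""
    edges = {}  # segment -> [(neighbouring segment, device joining them)]
    for name, dev in devices.items():
        segs = segments_of(dev, networks)
        if dev["forwarding"] and len(segs) > 1:  # a dual-homed bastion adds no edge
            for s in segs:
                for t in segs - {s}:
                    edges.setdefault(s, []).append((t, name))
    paths, queue = {mgmt: []}, deque([mgmt])
    while queue:  # breadth-first search outward from the management net
        seg = queue.popleft()
        for nxt, dev in sorted(edges.get(seg, [])):
            if nxt not in paths:
                paths[nxt] = paths[seg] + [dev]
                queue.append(nxt)
    del paths[mgmt]
    return paths  # empty dict means the management net is still isolated

if __name__ == "__main__":
    for seg, via in forwarding_paths(DEVICES, NETWORKS).items():
        print(f"mgmt net reachable from {seg} via {' -> '.join(via)}")
```

In the constructed data the bastion is dual-homed but does not forward, so it creates no path; the single forwarding router `lab-rtr7` is what exposes the management net to both production segments.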