Connecting CMS/VCMS and managed console servers when they are on
separate private or firewalled networks?
Often, console servers or the CMS itself will be on a private,
firewalled network and unable to connect to each other.
Whatever the topology, if either the CMS can SSH to the console server, or
the console server can SSH to the CMS, the CMS can manage the console server.
There are three main scenarios:
- The console server has a public address, the CMS has a private or firewalled address.
In this case, ensure the third-party firewall allows outbound
connections to the distributed console server's SSH port (outbound
destination TCP port 22). This is the default behaviour of most firewalls.
The distributed console server will not be detected by the CMS, but can
be added manually at the CMS using Configure -> Managed Console Servers
-> New Console Server -> Add.
- The console server has a private or firewalled address, the CMS has a
public address.
This is common for console servers using cellular connections. On the
console server, use Serial & Network -> Call Home to connect the console
server to the CMS public address.
The distributed console server will then be detected by the CMS and can
be added using Configure -> Managed Console Servers -> Remote Console
Servers.
Call Home is discussed in more detail in:
faq372 - Call Home
faq373 - Set up Call Home on console server and
faq374 - Set up Call Home on CMS/VCMS.
- Both the console server and CMS have a private or firewalled address.
There are two options in this scenario:
(a) Make CMS accessible by the console servers
This is usually the preferable option if there are multiple console
servers with private or firewalled addresses - common with console
servers using cellular connections connecting to a CMS on a central
private operations network.
Configure the third-party firewall to port forward (PAT) from its public
address to the CMS's private address, targeting TCP port 22. The public
forwarded port may be any port, e.g. 2222.
Configure the CMS with the external IP or DNS address of the third-party
firewall. Connect to the CMS command line using SSH and run:
config -s config.cms.address=4.3.2.1
config -s config.cms.sshport=2222
... where 4.3.2.1 is the public address of the third-party firewall, and 2222
is the public forwarded port.
Once this is done, the managed console server can Call Home to the CMS
using the forwarded port as per scenario 2 above.
(b) Make the console server accessible by CMS
Configure the third-party firewall to port forward (PAT) from its public
address to the console server's private address, targeting TCP port 22.
The public forwarded port may be any port, e.g. 1022, 2022 - this allows
for multiple console servers to be managed behind a single firewall.
Once this is done, add the managed console server to CMS as per scenario
1 above.
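
An added example, not from the original page or from the vendor: a Python check, run from a host outside the third-party firewall, that each forwarded port in scenario 3 really lands on an SSH service by reading its identification line. The function names, labels and the 192.0.2.10 address are assumptions; ports 2222, 1022 and 2022 follow the examples above.

```python
import socket


def probe_forward(host, port, timeout=5.0):
    """Return (status, banner) for a forwarded port.

    status is "unreachable" (connect failed), "not-ssh" (connected, but no
    SSH identification line arrived) or "ssh" (banner is the line sent).
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return ("unreachable", None)
    with sock:
        sock.settimeout(timeout)
        data = b""
        try:
            # RFC 4253 4.2: the server may send other lines before "SSH-".
            while len(data) < 4096:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
                for line in data.split(b"\n")[:-1]:  # complete lines only
                    if line.startswith(b"SSH-"):
                        return ("ssh", line.rstrip(b"\r").decode("ascii", "replace"))
        except OSError:
            pass  # read timed out or was reset: treat as no SSH banner
    return ("not-ssh", None)


def check_forwards(forwards, timeout=5.0):
    """forwards: {label: (host, port)} -> {label: (status, banner)}."""
    return {label: probe_forward(h, p, timeout) for label, (h, p) in forwards.items()}


if __name__ == "__main__":
    # Constructed inventory: 192.0.2.10 is a documentation address (RFC 5737)
    # standing in for the firewall's public address; ports follow the page.
    inventory = {
        "cms-call-home": ("192.0.2.10", 2222),
        "console-a": ("192.0.2.10", 1022),
        "console-b": ("192.0.2.10", 2022),
    }
    for label, (status, banner) in check_forwards(inventory, timeout=3).items():
        print(f"{label:15} {status:12} {banner or ''}")
```

A "not-ssh" result means the forward exists but points at some other service, so the PAT target address or port should be rechecked before adding the console server or configuring Call Home.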