We get static IP's to facilitate monitoring that the OOB remains online (easier to hit a non-changing IP than getting false positives for outage between an IP change and DDnS or whatever other type of update needs to happen), and it also makes IPSec VPN easy if your roving sysadmins know what IP to VPN into for a given site, when DNS may or may not be working. On 2/7/18, 12:49 PM, "NANOG on behalf of Chris Marget" <nanog-bounces@nanog.org on behalf of chris@marget.com> wrote: Lots of references to static IPs from cellular providers for OoB access in this thread. Why? It seems like a dial-home scheme is an obvious solution here, whether it's Opengear's Lighthouse product, openvpn, or whatever... Do you all have a security directive that demands whitelisted IP addresses? I've got a handful of OoB systems that dial home via cellular, but only after they've been poked by SMS. Opengear's auto-response facilitates that, and I've done it with EEM (to start DMVPN) on Cisco ISRs. The main headache I've run into is that it's tough to get a SIM card from ATT that does data and SMS: ATT's M2M plans don't allow SMS, and moving the SIM from an iPhone to "a computer" causes the SMS capability to vanish. My ATT OoB boxes (used only where Verizon is reported to not work) are online all the time.