December 7th, 2006 18:00

Using DRAC5 through a router

One client we support has a DRAC5 on a PowerEdge 2900, configured with a fixed IP. On the router, I've forwarded all these ports to the DRAC5 according to the DRAC5 documentation from Dell:

| Port Number | Function |
|---|---|
| 22* | Secure Shell (SSH) |
| 23* | Telnet |
| 80* | HTTP |
| 161 | SNMP Agent |
| 443* | HTTPS |
| 623 | RMCP/RMCP+ |
| 3668* | Virtual Media server |
| 3669* | Virtual Media Secure Service |
| 5900* | Console Redirection keyboard/mouse |
| 5901* | Console Redirection video |

I can log on to the web console of the DRAC and use console redirection when INSIDE the network, using my laptop. Taking my laptop to my home office and connecting outside the network, I can log on to the web console of the DRAC but when I try to redirect the console I get a timeout error. The second window does open, and it attempts to connect to the DRAC. The error I get is:

"There was an error connecting to the remote system.
Reason: A timeout occurred"

I've tried this from multiple computers remotely, multiple browsers (IE6, IE7, Firefox 1.5). With Firefox it just opens a blank window. Not concerned about that.

So I set up a DMZ on the router to point to the DRAC's IP address. No change, even after resetting the router.

Any ideas?


December 11th, 2006 19:00

I suspect a vKVM timeout. The Virtual KVM listens on TCP port 5901. I would double check this port. Another possibility is the actual video pipe on port 5900.
Console Redirection Security Authentication and Encryption

DRAC 5 can continuously redirect the managed system’s video, keyboard and mouse (KVM) to the management station. It is a very powerful feature, is very easy to use, and does not require any software installation on the managed system. A user can access this feature to remotely manage the system as if they were sitting in front of the system.

A security authentication and encryption protocol has been implemented in console redirection to prevent a hostile, rogue client from breaking into the console redirect path without authenticating through the web server. 128-bit SSL encryption secures the keyboard keystrokes during the remote console redirection and therefore does not allow unauthorized “snooping” of the network traffic.

The following sequence of security protocol operations is performed during the establishment of a console redirection session:

1) A user logs into the main web GUI then clicks the “Open Consoles” tab.

2) The Web GUI sends a pre-authentication request to the DRAC 5 web server via the HTTPS channel (SSL encrypted).

3) The DRAC 5 web server returns a set of secret data (including an encryption key) via the SSL channel. The console redirection authentication key (32 bytes long) is dynamically generated to prevent replay attacks.

4) The console redirection client sends a login command with an authentication key to a console redirection server keyboard/mouse port for authentication via the SSL channel.

5) If authentication is successful, a console redirection session and two console redirection pipes (one for keyboard/mouse and one for video) are established. The keyboard/mouse pipe is always SSL encrypted. The video pipe encryption is optional. (Users can choose to encrypt or not to encrypt the video pipe before they start their console redirection session.)

Port List for the DRAC 5 (And All OM Apps)
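
Added example, not part of the original thread and not Dell's firmware code: a toy Python model of steps 2 to 4 in the reply above, showing why a freshly generated 32-byte key that is consumed on first use defeats replay of a captured console login. The class and function names, the 60-second lifetime, and the single-use and expiry behaviour are assumptions made for illustration.

```python
import hmac
import secrets
import time

KEY_LEN = 32          # the reply states a 32-byte authentication key
KEY_TTL_SECONDS = 60  # assumption: the key lifetime is not given on the page


class ConsoleAuthModel:
    """Toy model of steps 2-4: issue a key over HTTPS, redeem it once on the KVM port."""

    def __init__(self, now=time.monotonic):
        self._now = now
        self._pending = {}  # web session id -> (key, expiry time)

    def pre_authenticate(self, web_session_id):
        """Steps 2-3: the web server hands a fresh random key to a logged-in session."""
        key = secrets.token_bytes(KEY_LEN)
        self._pending[web_session_id] = (key, self._now() + KEY_TTL_SECONDS)
        return key

    def console_login(self, web_session_id, presented_key):
        """Step 4: the console client presents the key; any attempt consumes it."""
        entry = self._pending.pop(web_session_id, None)  # pop makes the key single use
        if entry is None:
            return False  # never issued, or already redeemed (a replay)
        key, expiry = entry
        if self._now() > expiry:
            return False  # key is stale
        return hmac.compare_digest(key, presented_key)  # constant-time comparison


def demo():
    """Run the handshake against a constructed clock and constructed session ids."""
    clock = [0.0]
    srv = ConsoleAuthModel(now=lambda: clock[0])
    key = srv.pre_authenticate("sess-1")
    results = {
        "first_login": srv.console_login("sess-1", key),
        "replayed_key": srv.console_login("sess-1", key),
        "no_web_login": srv.console_login("sess-2", secrets.token_bytes(KEY_LEN)),
    }
    stale = srv.pre_authenticate("sess-3")
    clock[0] += KEY_TTL_SECONDS + 1
    results["expired_key"] = srv.console_login("sess-3", stale)
    return results


if __name__ == "__main__":
    print(demo())
```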