Buy or Renew
Buy or Renew
Cisco Community present at Cisco Live EMEA 2023. See you in Amsterdam! Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
818
Views
10
Helpful
5
Replies

Best place to put a CUBE behind a FW

mdrangell22
Beginner
Beginner

‎04-03-2021 12:30 PM - edited ‎04-03-2021 12:31 PM

Hello

 

I'm deploying a CUBE to connect a SIP TRUNK to ITSP and I'm wondering if its recommending to put a CUBE in the LAN or It's best to put it in DMZ?

 

If I put it in LAN or DMZ which IP should I give it to my ITSP to build the SIP TRUNK?

Labels:
5 Replies 5

Jaime Valencia
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

‎04-03-2021 02:10 PM

You've already asked this...

https://community.cisco.com/t5/ip-telephony-and-phones/what-is-the-best-place-to-place-the-cube/m-p/4056301

HTH

java

if this helps, please rate
0 Helpful

mrangel
Beginner
Beginner
In response to Jaime Valencia

‎04-03-2021 02:29 PM

I have to be honest I didn't remember I posted that....

 

Anyway that was 1 year ago and in that moment we didn't know how the ITSP was going to give us the SIP Trunk and We also postponed until few weeks ago when the company finally hired the service.

 

They are giving us the service SIP Trunk over our existing Range IP Wan Internet attached to our FW so I don't know exactly where to place the CUBE. I suppose that the best is to place it in a DMZ with one of the IP of our WAN Internet to have connectivity end to end but that mean I will have to use one IP just for this service.... It's possible to place it in LAN Interface and if its possible which IP should I give to our ITSP? Any other deployment recommendation? 

mdrangell22
Beginner
Beginner
In response to mrangel

‎04-04-2021 10:58 AM

Nobody can help me?

0 Helpful

Roger Kallberg
VIP Expert VIP Expert
VIP Expert
In response to mrangel

‎04-05-2021 12:20 AM - edited ‎04-05-2021 12:53 AM

If the SIP service is delivered on your internet connection it is advisable to put the outside interface of the SBC (Cube) on an interface in the firewall and it works best if you use a specific IP address for it. However it’s advisable to work with the admin of the firewall system to verify the proper functionality of the SIP service as it adds complexity to the mix.

Besides from this the answers you got from Chris an me on the other post are still valid.



Response Signature


0 Helpful

Scott Leport
Rising star
Rising star

‎04-06-2021 08:53 AM - edited ‎04-06-2021 08:55 AM

Hi @mdrangell22

 

It seems you've already got the answers here. As mentioned, the two typical choices are CUBE on a new DMZ off your Firewall or the CUBE has an interface to the ITSP equipment.

I've understood that it's the former which is the topology here, so your CUBE would connect to a DMZ port on your Firewall and there would be a 1:1 NAT translating the "DMZ IP" to a spare public IP address configured on your Firewall.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents