Solved: Re: Block Everything On WAN but the sip VOIP company - Page 2

alexten1983 · ‎10-23-2019

I want to block everything on my wan port all ports and Ip addresses but this

ports 5060-5080 should be allowed in order to properly communicate with the servers. Users experiencing audio issues may want to check that RTP audio is not blocked by their firewall configuration:

IP addresses/Networks

204.11.192.0/24

OR

204.11.192.0 - 204.11.192.255

66.193.176.35
66.193.176.54
66.193.176.58

Additionally, you may, but don't need to, specify the following hostnames

ns1.telengy.net
ns2.telengy.net
msw1.telengy.net
msw2.telengy.net

I'm using the 2821 router with cme 8.5 how would I go about it?

Chris Deren · ‎10-29-2019

Your configuration allows All UDP and TCP traffic in and out from hosts 66.193.176.35, 66.193.176.54, 66.193.176.58 and subnet 204.11.192.0/24. If that is what you wanted after all, then it is correct. If you need to restrict it to specific ports only then you'll need to further tweak your rules to include only those ports.

alexten1983 · ‎10-29-2019

Hey, I have a new problem. when I add that ACL after some time it loses register with a sip server. I did a debug and it looks like it does it on domain name and not an IP. How would I go about to add a trusted domain to ACL?

001648: Oct 29 13:40:00.457: //2501/000000000000/SIP/Info/act_idle_outgoing_register: Send REGISTER to callcentric.com:5060

alexten1983 · ‎10-29-2019

Never mind I forgot to add my dns server to the ACL.