Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
0
Helpful
8
Replies

Comunnication between voice networks (Best Practices?)

Rolando Valenzuela
Level 4
Level 4

‎01-26-2016 08:26 AM - edited ‎03-18-2019 11:47 AM

So I was wondering what is the best practice when it comes to voice networks and firewall ports, I remember that somebody told me that unrestricted access is the best way to go to avoid any one-way audio and similar, which makes sense for voice vlans, but now with Jabber and other Collaboration solutions, IP to IP is still recommended?

I found this URLs:

CUCM ports

Jabber ports

Adding a bunch of line on the firewall for all the ports and protocols is not completely smart (yes, you can use object groups but still is a lot of work, and difficult to troubleshoot in my opinion)

What is your recommendation or best practice to allow communication between collaboration subnets?

Thank you.

Rolando Valenzuela.

Labels:
0 Helpful
8 Replies 8

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-27-2016 01:25 AM

Don't run voice through a firewall unless you really have to.

0 Helpful

Rolando Valenzuela
Level 4
Level 4
In response to Philip D'Ath

‎01-27-2016 07:52 AM

Unfortunately in my case, I have to :( if that is the case? IP2IP will be the best?

Thanks!

Rolando Valenzuela.

0 Helpful

Chris Deren
Hall of Fame
Hall of Fame
In response to Rolando Valenzuela

‎02-01-2016 09:22 AM

If you need to run voice through firewall you need to open the required ports as documented in Cisco guides.  It really depends on what is behind firewall, i.e. just phones, GW, CUBE, applications, etc?

0 Helpful

Rolando Valenzuela
Level 4
Level 4
In response to Chris Deren

‎02-01-2016 09:29 AM

Well, my concern is mostly with Jabber.

For voice only networks I dont my go IP-IP, but whit Jabber in mind, PC networks needs those access too and the port list increase with each release, so if I have Jabber+phones+GW+CUCM?

Thanks.

0 Helpful

Chris Deren
Hall of Fame
Hall of Fame
In response to Rolando Valenzuela

‎02-01-2016 09:34 AM

Well, there is not magic here. 

If you want firewall between CUCM/phones,client you need to open the ports.

Is the firewall on the internal network?  Do you have network diagram showing which components are in which firewall zone?

0 Helpful

Rolando Valenzuela
Level 4
Level 4
In response to Chris Deren

‎02-02-2016 12:32 PM

No at the moment, and is not a design problem, is more a "learning" problem.

Dont worry to much Chris, thank you for all your help! :D

Rolando Valenzuela.

0 Helpful

Rejohn Cuares
Level 4
Level 4
In response to Rolando Valenzuela

‎02-02-2016 08:47 PM

You should allow the required to pass-through the firewall. Yes it is a pain and there is no silver bullet.

Please rate replies and mark question as "answered" if applicable.
0 Helpful

Rolando Valenzuela
Level 4
Level 4

‎02-01-2016 08:14 AM

-Bump-

0 Helpful
Customers Also Viewed These Support Documents